CVE-2020-6811 - log back

CVE-2020-6811 edited at 16 Mar 2020 11:32:25
Description
- A security issue has been found in Firefox before 74, where the 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as Curl' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution.
+ A security issue has been found in Firefox before 74 and Thunderbird before 68.6, where the 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as Curl' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution.
References
https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6811
+ https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2020-6811
https://bugzilla.mozilla.org/show_bug.cgi?id=1607742
CVE-2020-6811 edited at 11 Mar 2020 10:56:48
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Arbitrary command execution
Description
+ A security issue has been found in Firefox before 74, where the 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as Curl' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6811
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1607742
Notes
CVE-2020-6811 created at 11 Mar 2020 10:25:09