CVE-2020-6799 - OpenCVE

Command line arguments could have been injected during Firefox invocation as a shell handler for certain unsupported file types. This required Firefox to be configured as the default handler for a given file type and for a file downloaded to be opened in a third party application that insufficiently sanitized URL data. In that situation, clicking a link in the third party application could have been used to retrieve and execute files whose location was supplied through command line arguments. Note: This issue only affects Windows operating systems and when Firefox is configured as the default handler for non-default filetypes. Other operating systems are unaffected. This vulnerability affects Firefox < 73 and Firefox < ESR68.5.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:H/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Microsoft	Windows
Mozilla	Firefox Esr Firefox

Configuration 1 [-]

AND

OR	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:firefox_esr::::::::

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

References

Link	Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1606596	Issue Tracking Patch Vendor Advisory
https://security.gentoo.org/glsa/202003-02	Third Party Advisory
https://www.mozilla.org/security/advisories/mfsa2020-05/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2020-06/	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mozilla

Published: 2020-03-02T04:05:03

Updated: 2020-03-12T20:06:17

Reserved: 2020-01-10T00:00:00

Link: CVE-2020-6799

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-03-02T05:15:13.590

Modified: 2022-01-01T19:35:47.037

Link: CVE-2020-6799

JSON object: View

Redhat Information

No data.

CWE

CWE-88

{"containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"lessThan": "73", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "ESR68.5", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Command line arguments could have been injected during Firefox invocation as a shell handler for certain unsupported file types. This required Firefox to be configured as the default handler for a given file type and for a file downloaded to be opened in a third party application that insufficiently sanitized URL data. In that situation, clicking a link in the third party application could have been used to retrieve and execute files whose location was supplied through command line arguments. Note: This issue only affects Windows operating systems and when Firefox is configured as the default handler for non-default filetypes. Other operating systems are unaffected. This vulnerability affects Firefox < 73 and Firefox < ESR68.5."}], "problemTypes": [{"descriptions": [{"description": "Arbitrary code execution when opening pdf links from other applications, when Firefox is configured as default pdf reader", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-03-12T20:06:17", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-05/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-06/"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1606596"}, {"name": "GLSA-202003-02", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202003-02"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@mozilla.org", "ID": "CVE-2020-6799", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Firefox", "version": {"version_data": [{"version_affected": "<", "version_value": "73"}, {"version_affected": "<", "version_value": "ESR68.5"}]}}]}, "vendor_name": "Mozilla"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Command line arguments could have been injected during Firefox invocation as a shell handler for certain unsupported file types. This required Firefox to be configured as the default handler for a given file type and for a file downloaded to be opened in a third party application that insufficiently sanitized URL data. In that situation, clicking a link in the third party application could have been used to retrieve and execute files whose location was supplied through command line arguments. Note: This issue only affects Windows operating systems and when Firefox is configured as the default handler for non-default filetypes. Other operating systems are unaffected. This vulnerability affects Firefox < 73 and Firefox < ESR68.5."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Arbitrary code execution when opening pdf links from other applications, when Firefox is configured as default pdf reader"}]}]}, "references": {"reference_data": [{"name": "https://www.mozilla.org/security/advisories/mfsa2020-05/", "refsource": "MISC", "url": "https://www.mozilla.org/security/advisories/mfsa2020-05/"}, {"name": "https://www.mozilla.org/security/advisories/mfsa2020-06/", "refsource": "MISC", "url": "https://www.mozilla.org/security/advisories/mfsa2020-06/"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1606596", "refsource": "MISC", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1606596"}, {"name": "GLSA-202003-02", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202003-02"}]}}}}, "cveMetadata": {"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2020-6799", "datePublished": "2020-03-02T04:05:03", "dateReserved": "2020-01-10T00:00:00", "dateUpdated": "2020-03-12T20:06:17", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "D881BDA7-3601-4A45-991F-4B2B187A73D0", "versionEndExcluding": "73.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "matchCriteriaId": "17B5BB4D-FF9F-433C-A3AC-E4F34C3D75D9", "versionEndExcluding": "68.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Command line arguments could have been injected during Firefox invocation as a shell handler for certain unsupported file types. This required Firefox to be configured as the default handler for a given file type and for a file downloaded to be opened in a third party application that insufficiently sanitized URL data. In that situation, clicking a link in the third party application could have been used to retrieve and execute files whose location was supplied through command line arguments. Note: This issue only affects Windows operating systems and when Firefox is configured as the default handler for non-default filetypes. Other operating systems are unaffected. This vulnerability affects Firefox < 73 and Firefox < ESR68.5."}, {"lang": "es", "value": "Los argumentos de la l\u00ednea de comandos podr\u00edan haber sido inyectados durante la invocaci\u00f3n de Firefox como un manejador shell para determinados tipos de archivos incompatibles. Esto requiri\u00f3 que Firefox sea configurado como el manejador predeterminado para un tipo de archivo dado y para que un archivo descargado sea aperturado en una aplicaci\u00f3n de un tercero que no sane\u00f3 suficientemente los datos de la URL. En esa situaci\u00f3n, haciendo clic en un enlace de una aplicaci\u00f3n de terceros podr\u00eda haber sido usado para recuperar y ejecutar archivos cuya ubicaci\u00f3n fue suministrada mediante argumentos de l\u00ednea de comandos. Nota: Este problema s\u00f3lo afecta a los sistemas operativos Windows y cuando Firefox es configurado como el manejador predeterminado para tipos de archivo no predeterminados. Otros sistemas operativos no est\u00e1n afectados. Esta vulnerabilidad afecta a Firefox versiones anteriores a 73 y Firefox versiones anteriores a ESR68.5."}], "id": "CVE-2020-6799", "lastModified": "2022-01-01T19:35:47.037", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-03-02T05:15:13.590", "references": [{"source": "security@mozilla.org", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1606596"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202003-02"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-05/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-06/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-88"}], "source": "nvd@nist.gov", "type": "Primary"}]}