VDB

CVE-2020-12393

CVE-2020-12393 PUBLISHED

The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.

EPSS 0.47% · 64.8th percentile

Risk Scores

EPSS Score
0.47%
64.8th percentile

Affected Products

VendorProductVersions
Ubuntu:18.04:LTSmozjs380, 38.8.0~repack1-0ubuntu1, 38.8.0~repack1-0ubuntu3
Ubuntu:20.04:LTSmozjs680, 68.6.0-1ubuntu1, 68.5.0-1~fakesync
Ubuntu:18.04:LTSmozjs5252.3.1-0ubuntu3, 52.9.1-0ubuntu0.18.04.1, 52.3.1-7fakesync1
Ubuntu:20.04:LTSmozjs520, 52.9.1-1ubuntu3, 52.9.1-1build1

Timeline

  • May 8, 2020 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Feb 28, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score
  • Nov 6, 2022 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›