vulnerability
Oracle Solaris 11: CVE-2020-12392: Vulnerability in Firefox, Thunderbird
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 2 | (AV:L/AC:L/Au:N/C:P/I:N/A:N) | May 26, 2020 | Jan 19, 2021 | Feb 17, 2022 |
Severity
2
CVSS
(AV:L/AC:L/Au:N/C:P/I:N/A:N)
Published
May 26, 2020
Added
Jan 19, 2021
Modified
Feb 17, 2022
Description
The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in the disclosure of local files. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.
Solutions
oracle-solaris-11-4-upgrade-mail-thunderbird-68-8-0-11-4-22-0-1-69-2oracle-solaris-11-4-upgrade-mail-thunderbird-plugin-thunderbird-lightning-68-8-0-11-4-22-0-1-69-2oracle-solaris-11-4-upgrade-web-browser-firefox-68-8-0-11-4-22-0-1-69-2oracle-solaris-11-4-upgrade-web-data-firefox-bookmarks-68-8-0-11-4-22-0-1-69-2
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.