CVE-2020-6797 Information

Description

By downloading a file with the .fileloc extension a semi-privileged extension could launch an arbitrary application on the user’s computer. The attacker is restricted as they are unable to download non-quarantined files or supply command line arguments to the application limiting the impact. Note: this issue only occurs on Mac OSX. Other operating systems are unaffected. This vulnerability affects Thunderbird 68.5 Firefox 73 and Firefox ESR68.5.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Reference

https://bugzilla.mozilla.org/show_bug.cgi?id=1596668 https://security.gentoo.org/glsa/202003-02 https://www.mozilla.org/security/advisories/mfsa2020-05/ https://www.mozilla.org/security/advisories/mfsa2020-06/ https://www.mozilla.org/security/advisories/mfsa2020-07/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

LOW

Base Score

NONE

Base Severity

4.3