CVE-2020-12392 – The ‘Copy as cURL’ feature of Devtools’ network tab did not properly escape the HTTP POST …

26 May 2020

Vuln ID: CVE-2020-12392

Published: 2020-05-26 18:15:11Z

Description: The ‘Copy as cURL’ feature of Devtools’ network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user used the ‘Copy as cURL’ feature and pasted the command into a terminal, it could have resulted in the disclosure of local files. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.

Source: NVD.NIST.GOV

Date:

26 May 2020

Categorie(s):

NVD

Tag(s):

NVD

How to revamp your cybersecurity in the middle of the chaos18 May 2024
Leveling the cybersecurity playing field18 May 2024
Automated pentesting in the cloud18 May 2024
Hardware cybersecurity leader, Flexxon, introduces Server Defender18 May 2024
Aussie cops probe MediSecure’s ‘large-scale ransomware data breach’18 May 2024