CVE-2020-6797

Summary

By downloading a file with the .fileloc extension, a semi-privileged extension could launch an arbitrary application on the user's computer. The attacker is restricted as they are unable to download non-quarantined files or supply command line arguments to the application, limiting the impact. Note: this issue only occurs on Mac OSX. Other operating systems are unaffected. This vulnerability affects Thunderbird < 68.5, Firefox < 73, and Firefox < ESR68.5.

Affected Software

VendorProductVersion RangeStatus
MozillaThunderbirdunspecified < 68.5affected
MozillaFirefoxunspecified < 73affected
MozillaFirefoxunspecified < ESR68.5affected

Weaknesses

  • Extensions granted downloads.open permission could open arbitrary applications on Mac OSX

ADP Enrichment

CVE Program Container

Additional References

References