CVE-2020-6799

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 73 Firefox versions prior to ESR68.5

Description The issue allows command line arguments to be injected during Firefox invocation as a shell handler for certain unsupported file types. This requires Firefox to be configured as the default handler for a given file type and for a file downloaded to be opened in a third-party application that insufficiently sanitizes URL data. In such a situation, clicking a link in the third-party application could be used to retrieve and execute files whose location was supplied through command line arguments. This issue only affects Windows operating systems when Firefox is configured as the default handler for non-default file types.

Recommendations For Firefox versions prior to 73, update to version 73 or later to resolve the issue. For Firefox versions prior to ESR68.5, update to version ESR68.5 or later to resolve the issue.