{
  "affected": [
    {
      "database_specific": {
        "unresolved_ranges": [
          {
            "events": [
              {
                "introduced": "0"
              },
              {
                "fixed": "73.0"
              }
            ]
          },
          {
            "events": [
              {
                "introduced": "0"
              },
              {
                "fixed": "68.5.0"
              }
            ]
          }
        ]
      }
    }
  ],
  "details": "Command line arguments could have been injected during Firefox invocation as a shell handler for certain unsupported file types. This required Firefox to be configured as the default handler for a given file type and for a file downloaded to be opened in a third party application that insufficiently sanitized URL data. In that situation, clicking a link in the third party application could have been used to retrieve and execute files whose location was supplied through command line arguments. Note: This issue only affects Windows operating systems and when Firefox is configured as the default handler for non-default filetypes. Other operating systems are unaffected. This vulnerability affects Firefox \u003c 73 and Firefox \u003c ESR68.5.",
  "id": "CVE-2020-6799",
  "modified": "2026-03-13T21:57:34.697129497Z",
  "published": "2020-03-02T05:15:13.590Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://security.gentoo.org/glsa/202003-02"
    },
    {
      "type": "ADVISORY",
      "url": "https://www.mozilla.org/security/advisories/mfsa2020-05/"
    },
    {
      "type": "ADVISORY",
      "url": "https://www.mozilla.org/security/advisories/mfsa2020-06/"
    },
    {
      "type": "FIX",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1606596"
    }
  ],
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}