CVE-2020-6799: 
NixOS vulnerability analysis and mitigation

CVE-2020-6799 is a command line argument injection vulnerability discovered in Mozilla Firefox versions prior to 73.0 and Firefox ESR versions prior to 68.5. The vulnerability occurs when Firefox is configured as the default handler for certain unsupported file types on Windows operating systems. When a file is opened in a third-party application that insufficiently sanitizes URL data, clicking a link in that application could be used to retrieve and execute files through injected command line arguments (NVD, Mozilla Advisory).

The vulnerability stems from Firefox's handling of shell associations for non-default file types. When Firefox is configured as the default handler for a file type through Windows' 'Open With' dialog, the command line arguments could be injected during Firefox invocation. This occurs because the file handler registration lacks proper command line argument sanitization, specifically missing the '-osint' flag that would prevent argument injection. The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (NVD).

If successfully exploited, this vulnerability could allow an attacker to execute arbitrary code on the target system with the privileges of the Firefox process. The attack requires user interaction in the form of clicking a link in a third-party application, and the vulnerability only affects Windows systems where Firefox is configured as the default handler for non-default file types (NVD, Threatpost).

The vulnerability was fixed in Firefox version 73.0 and Firefox ESR version 68.5. Users are advised to upgrade to these or later versions. For Gentoo Linux users, the fix is available in www-client/firefox-68.6.0 and www-client/firefox-bin-68.6.0 (Gentoo Advisory).