CVE-2024-5692

Summary

On Windows 10, when using the 'Save As' functionality, an attacker could have tricked the browser into saving the file with a disallowed extension such as .url by including an invalid character in the extension. Note: This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 127affected
MozillaFirefox ESRunspecified < 115.12affected
MozillaThunderbirdunspecified < 115.12affected

Weaknesses

  • Bypass of file name restrictions during saving

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References