CVE-2022-31739 Information

Description

When downloading files on Windows the % character was not escaped which could have lead to a download incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%.
This bug only affects Firefox for Windows. Other operating systems are unaffected.. This vulnerability affects Thunderbird < 91.10 Firefox < 101 and Firefox ESR < 91.10.

Reference

https://www.mozilla.org/security/advisories/mfsa2022-20/ https://bugzilla.mozilla.org/show_bug.cgi?id=1765049 https://www.mozilla.org/security/advisories/mfsa2022-22/ https://www.mozilla.org/security/advisories/mfsa2022-21/