CVE-2024-5692 Information
Description
On Windows when using the ‘Save As’ functionality an attacker could have tricked the browser into saving the file with a disallowed extension such as .url by including an invalid character in the extension. Note: This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 127 and Firefox ESR < 115.12.
Reference
https://bugzilla.mozilla.org/show_bug.cgi?id=1837514
https://bugzilla.mozilla.org/show_bug.cgi?id=1891234
https://www.mozilla.org/security/advisories/mfsa2024-25/
https://www.mozilla.org/security/advisories/mfsa2024-26/
On
Windows
when
using
the
‘Save
As’
functionality
an
attacker
could
have
tricked
the
browser
into
saving
the
file
with
a
disallowed
extension
such
as
.url
by
including
an
invalid
character
in
the
extension.
Note:
This
issue
only
affected
Windows
operating
systems.
Other
operating
systems
are
unaffected.
This
vulnerability
affects
Firefox
<
127
and
Firefox
ESR
<
115.12.