CVE-2024-5692

2024-06-1113:15:50

[email protected]

web.nvd.nist.gov

windows

save as

vulnerability

file extension

trickery

firefox

5.4 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.7%

JSON

On Windows 10, when using the ‘Save As’ functionality, an attacker could have tricked the browser into saving the file with a disallowed extension such as .url by including an invalid character in the extension. Note: This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.

Affected configurations

Vulners

Node

mozillafirefoxRange≤127

mozillafirefox_esrRange≤115.12

mozillathunderbirdRange≤115.12

CNA Affected

[
  {
    "product": "Firefox",
    "vendor": "Mozilla",
    "versions": [
      {
        "lessThan": "127",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Firefox ESR",
    "vendor": "Mozilla",
    "versions": [
      {
        "lessThan": "115.12",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Thunderbird",
    "vendor": "Mozilla",
    "versions": [
      {
        "lessThan": "115.12",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]