Awaiting Analysis
CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Products
Firefox
- < 127
- < 115.12
Source
security@mozilla.org
Tags
CVE-2024-5692 details
Published : June 11, 2024, 1:15 p.m.
Last Modified : June 11, 2024, 1:54 p.m.
Last Modified : June 11, 2024, 1:54 p.m.
Description
On Windows, when using the 'Save As' functionality, an attacker could have tricked the browser into saving the file with a disallowed extension such as `.url` by including an invalid character in the extension. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 127 and Firefox ESR < 115.12.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|
References
| URL | Source |
|---|---|
| https://bugzilla.mozilla.org/show_bug.cgi?id=1837514 | security@mozilla.org |
| https://bugzilla.mozilla.org/show_bug.cgi?id=1891234 | security@mozilla.org |
| https://www.mozilla.org/security/advisories/mfsa2024-25/ | security@mozilla.org |
| https://www.mozilla.org/security/advisories/mfsa2024-26/ | security@mozilla.org |
This website uses the NVD API, but is not approved or certified by it.