CVE-2024-5692 | Vulnerability Database | Aqua Security

On Windows 10, when using the Save As functionality, an attacker could have tricked the browser into saving the file with a disallowed extension such as .url by including an invalid character in the extension. Note: This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.

Affected Software

Name	Vendor	Start Version	End Version
Firefox	Mozilla	*	115.12 (excluding)
Firefox	Mozilla	*	127.0 (excluding)
Thunderbird	Mozilla	*	115.12 (excluding)

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1891234
https://www.mozilla.org/security/advisories/mfsa2024-25/
https://www.mozilla.org/security/advisories/mfsa2024-26/
https://www.mozilla.org/security/advisories/mfsa2024-28/
https://bugzilla.mozilla.org/show_bug.cgi?id=1891234
https://www.mozilla.org/security/advisories/mfsa2024-25/
https://www.mozilla.org/security/advisories/mfsa2024-26/
https://www.mozilla.org/security/advisories/mfsa2024-28/

NVD	https://nvd.nist.gov/vuln/detail/CVE-2024-5692
CWE	https://cwe.mitre.org/data/definitions/.html