CVE-2024-5692
Published 2024-06-11
Medium, 6.5 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
On Windows 10, when using the 'Save As' functionality, an attacker could have tricked the browser into saving the file with a disallowed extension such as `.url` by including an invalid character in the extension. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | — | — |
| debian | firefox-esr | — | — |
| debian | thunderbird | — | — |
| mozilla | firefox | < 115.12 | 115.12 |
| mozilla | firefox | < 127.0 | 127.0 |
| mozilla | firefox | — | — |
| mozilla | firefox | >= unspecified < 127 | 127 |
| mozilla | firefox_esr | >= unspecified < 115.12 | 115.12 |
| mozilla | thunderbird | < 115.12 | 115.12 |
| mozilla | thunderbird | >= unspecified < 115.12 | 115.12 |
GHSA
GHSA-pqfc-h2m7-5p9p
ghsa_unreviewed·2024-06-11
CVE-2024-5692 [MEDIUM] GHSA-pqfc-h2m7-5p9p
On Windows, when using the 'Save As' functionality, an attacker could have tricked the browser into saving the file with a disallowed extension such as `.url` by including an invalid character in the extension. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 127 and Firefox ESR < 115.12.
Red Hat
Mozilla: Bypass of file name restrictions during saving
vendor_redhat·2024-06-11·CVSS 6.5
CVE-2024-5692 [MEDIUM] CWE-20 Mozilla: Bypass of file name restrictions during saving
On Windows 10, when using the 'Save As' functionality, an attacker could have tricked the browser into saving the file with a disallowed extension such as `.url` by including an invalid character in the extension. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.
The Mozilla Foundation Security Advisory describes this flaw as:
On Windows 10, when using the 'Save As' functionality, an attacker could have tricked the browser into saving the file with a disallowed extension such as `.url` by including an invalid character in the extension. *Note:* This issue only affected Windows operating systems.
Debian
CVE-2024-5692: firefox
vendor_debian·2024·CVSS 6.5
CVE-2024-5692 [MEDIUM] CVE-2024-5692: firefox
On Windows 10, when using the 'Save As' functionality, an attacker could have tricked the browser into saving the file with a disallowed extension such as `.url` by including an invalid character in the extension. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.
Scope: local
sid: resolved
Mozilla
Mozilla Foundation Security Advisory 2024-26: CVE-2024-5692
vendor_mozilla·CVSS 6.5
CVE-2024-5692 [MEDIUM] Mozilla Foundation Security Advisory 2024-26: CVE-2024-5692
CVE: CVE-2024-5692
Product: Firefox ESR
Impact: high
Fixed in: Firefox ESR 115.12
Mozilla
Mozilla Foundation Security Advisory 2024-28: CVE-2024-5692
vendor_mozilla·CVSS 6.5
CVE-2024-5692 [MEDIUM] Mozilla Foundation Security Advisory 2024-28: CVE-2024-5692
CVE: CVE-2024-5692
Product: Thunderbird
Impact: high
Fixed in: Thunderbird 115.12
Mozilla
Mozilla Foundation Security Advisory 2024-25: CVE-2024-5692
vendor_mozilla·CVSS 6.5
CVE-2024-5692 [MEDIUM] Mozilla Foundation Security Advisory 2024-25: CVE-2024-5692
CVE: CVE-2024-5692
Product: Firefox
Impact: high
Fixed in: Firefox 127
https://bugzilla.mozilla.org/show_bug.cgi?id=1891234
https://www.mozilla.org/security/advisories/mfsa2024-25/
https://www.mozilla.org/security/advisories/mfsa2024-26/
https://www.mozilla.org/security/advisories/mfsa2024-28/