CVE-2024-9395
published 2024-10-01CVE-2024-9395: A specially crafted filename containing a large number of spaces could obscure the file's extension when displayed in the download dialog. *This bug only…
medium5.3CVSS 3.1
AVNACLPRNUINSUCNILAN
A specially crafted filename containing a large number of spaces could obscure the file's extension when displayed in the download dialog.
*This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 131.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | — | — |
| mozilla | firefox | < 131.0 | 131.0 |
| mozilla | firefox | — | — |
| mozilla | firefox | >= unspecified < 131 | 131 |
CVSS provenance
nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
osv5.3MEDIUM
OSV
CVE-2024-9395: A specially crafted filename containing a large number of spaces could obscure the file's extension when displayed in the download dialog
osv·2024-10-01·CVSS 5.3
CVE-2024-9395 [MEDIUM] CVE-2024-9395: A specially crafted filename containing a large number of spaces could obscure the file's extension when displayed in the download dialog
A specially crafted filename containing a large number of spaces could obscure the file's extension when displayed in the download dialog. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 131.
GHSA
GHSA-v2j8-2q45-8jcq: A specially crafted filename containing a large number of spaces could obscure the file's extension when displayed in the download dialog
ghsa_unreviewed·2024-10-01
CVE-2024-9395 [MEDIUM] GHSA-v2j8-2q45-8jcq: A specially crafted filename containing a large number of spaces could obscure the file's extension when displayed in the download dialog
A specially crafted filename containing a large number of spaces could obscure the file's extension when displayed in the download dialog.
*This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 131.
Red Hat
firefox: Specially crafted filename could be used to obscure download type
vendor_redhat·2024-10-01·CVSS 5.3
CVE-2024-9395 [MEDIUM] firefox: Specially crafted filename could be used to obscure download type
firefox: Specially crafted filename could be used to obscure download type
A specially crafted filename containing a large number of spaces could obscure the file's extension when displayed in the download dialog.
*This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 131.
A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the issue as follows: A specially crafted filename containing a large number of spaces could obscure the file's extension when displayed in the download dialog.
Statement: This bug only affects Firefox Focus for Android. Firefox versions shipped by Red Hat are unaffected.
Package: firefox (Red Hat Enterprise Linux 6) - Not affected
Package: firefox (Red Hat Enterprise
Debian
CVE-2024-9395: firefox - A specially crafted filename containing a large number of spaces could obscure t...
vendor_debian·2024·CVSS 5.3
CVE-2024-9395 [MEDIUM] CVE-2024-9395: firefox - A specially crafted filename containing a large number of spaces could obscure t...
A specially crafted filename containing a large number of spaces could obscure the file's extension when displayed in the download dialog. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 131.
Scope: local
sid: resolved
Mozilla
Mozilla Foundation Security Advisory 2024-46: CVE-2024-9395
vendor_mozilla·CVSS 5.3
CVE-2024-9395 [MEDIUM] Mozilla Foundation Security Advisory 2024-46: CVE-2024-9395
Mozilla Foundation Security Advisory 2024-46
CVE: CVE-2024-9395
Product: Firefox
Impact: high
Fixed in: Firefox 131
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-10-01
Published