CVE-2024-9395 — Mozilla Firefox vulnerability

7 documents7 sources

Severity

5.3MEDIUMNVD

EPSS

0.3%

top 47.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox

Timeline

PublishedOct 1

Description

A specially crafted filename containing a large number of spaces could obscure the file's extension when displayed in the download dialog. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 131.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5mozilla/firefoxunspecified — 131

▶NVDmozilla/firefox< 131.0

🔴Vulnerability Details

OSV

CVE-2024-9395: A specially crafted filename containing a large number of spaces could obscure the file's extension when displayed in the download dialog↗2024-10-01

▶

CVEList

CVE-2024-9395: A specially crafted filename containing a large number of spaces could obscure the file's extension when displayed in the download dialog↗2024-10-01

▶

GHSA

GHSA-v2j8-2q45-8jcq: A specially crafted filename containing a large number of spaces could obscure the file's extension when displayed in the download dialog↗2024-10-01

▶

📋Vendor Advisories

Red Hat

firefox: Specially crafted filename could be used to obscure download type↗2024-10-01

▶

Debian

CVE-2024-9395: firefox - A specially crafted filename containing a large number of spaces could obscure t...↗2024

▶

Mozilla

Mozilla Foundation Security Advisory 2024-46: CVE-2024-9395↗

▶