Mozilla Firefox Vulnerability: Tricked into Saving Files with Disallowed Extensions
CVE-2024-5692

6.5MEDIUM

Key Information:

Vendor: Mozilla
Status: Firefox; Firefox Esr; Thunderbird
Vendor: CVE Published:; 11 June 2024

What is CVE-2024-5692?

On Windows 10, when using the 'Save As' functionality, an attacker could have tricked the browser into saving the file with a disallowed extension such as .url by including an invalid character in the extension. Note: This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Firefox < 127

Firefox ESR < 115.12

Thunderbird < 115.12

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1891234

https://www.mozilla.org/security/advisories/mfsa2024-25/

https://www.mozilla.org/security/advisories/mfsa2024-26/

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 11, 2024
Vulnerability Reserved
Jun 6, 2024

Credit

Raphael Shaniyazov

JSON

Mozilla

What is CVE-2024-5692?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.