CVE-2020-35112

CVE-2020-35112

Name

CVE-2020-35112

Description

If a user downloaded a file lacking an extension on Windows, and then "Open"-ed it from the downloads panel, if there was an executable file in the downloads directory with the same name but with an executable extension (such as .bat or .exe) that executable would have been launched instead. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.

NVD Severity

high

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Vendor Advisory	https://www.mozilla.org/security/advisories/mfsa2020-54/
Vendor Advisory	https://www.mozilla.org/security/advisories/mfsa2020-55/
Vendor Advisory	https://www.mozilla.org/security/advisories/mfsa2020-56/
Permissions Required	https://bugzilla.mozilla.org/show_bug.cgi?id=1661365

Type

URI

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2020-54/

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2020-55/

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2020-56/

Permissions Required

https://bugzilla.mozilla.org/show_bug.cgi?id=1661365

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
thunderbird	edge-community	78.6.1-r0	None	fixed
thunderbird	3.22-community	78.6.1-r0	None	fixed
thunderbird	3.21-community	78.6.1-r0	None	fixed
thunderbird	3.20-community	78.6.1-r0	None	fixed
thunderbird	3.19-community	78.6.1-r0	None	fixed
thunderbird	3.18-community	78.6.1-r0	None	fixed
thunderbird	3.17-community	78.6.1-r0	None	fixed
librewolf	edge-community	84.0.1-r0	None	fixed
librewolf	3.22-community	84.0.1-r0	None	fixed
librewolf	3.21-community	84.0.1-r0	None	fixed
firefox-esr	edge-community	78.6.0-r0	None	fixed
firefox-esr	3.22-community	78.6.0-r0	None	fixed
firefox-esr	3.21-community	78.6.0-r0	None	fixed
firefox-esr	3.20-community	78.6.0-r0	None	fixed
firefox-esr	3.19-community	78.6.0-r0	None	fixed
firefox-esr	3.18-community	78.6.0-r0	None	fixed
firefox-esr	3.17-community	78.6.0-r0	None	fixed
firefox	edge-community	84.0.1-r0	None	fixed
firefox	3.22-community	84.0.1-r0	None	fixed
firefox	3.21-community	84.0.1-r0	None	fixed
firefox	3.20-community	84.0.1-r0	None	fixed
firefox	3.19-community	84.0.1-r0	None	fixed
firefox	3.18-community	84.0.1-r0	None	fixed
firefox	3.17-community	84.0.1-r0	None	fixed

Source package

Branch

Version

Maintainer

Status

thunderbird

edge-community

78.6.1-r0

None

fixed

thunderbird

3.22-community