Описание
The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an earlier position, leading to a different file type being downloaded than shown in the dialog. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 79.0+build1-0ubuntu0.18.04.1 |
| devel | released | 80.0.1+build1-0ubuntu1 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | |
| focal | released | 79.0+build1-0ubuntu0.20.04.1 |
| groovy | released | 80.0.1+build1-0ubuntu1 |
| hirsute | released | 80.0.1+build1-0ubuntu1 |
| impish | released | 80.0.1+build1-0ubuntu1 |
| jammy | released | 80.0.1+build1-0ubuntu1 |
| kinetic | released | 80.0.1+build1-0ubuntu1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | DNE | |
| esm-apps/bionic | ignored | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| groovy | DNE | |
| hirsute | DNE | |
| impish | DNE | |
| jammy | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | DNE | |
| esm-apps/focal | ignored | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/bionic | ignored | |
| focal | ignored | |
| groovy | ignored | end of life |
| hirsute | DNE | |
| impish | DNE | |
| jammy | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| groovy | DNE | |
| hirsute | DNE | |
| impish | DNE | |
| jammy | DNE | |
| kinetic | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | ignored | |
| focal | ignored | |
| groovy | ignored | end of life |
| hirsute | DNE | |
| impish | DNE | |
| jammy | DNE | |
| kinetic | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 1:78.8.1+build1-0ubuntu0.18.04.1 |
| devel | not-affected | 1:78.4.3+build1-0ubuntu1 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | |
| focal | released | 1:78.7.1+build1-0ubuntu0.20.04.1 |
| groovy | not-affected | 1:78.3.2+build1-0ubuntu1 |
| hirsute | not-affected | 1:78.4.3+build1-0ubuntu1 |
| impish | not-affected | 1:78.4.3+build1-0ubuntu1 |
| jammy | not-affected | 1:78.4.3+build1-0ubuntu1 |
| kinetic | not-affected | 1:78.4.3+build1-0ubuntu1 |
Показывать по
EPSS
4.3 Medium
CVSS2
6.5 Medium
CVSS3
Связанные уязвимости
The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an earlier position, leading to a different file type being downloaded than shown in the dialog. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.
The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an earlier position, leading to a different file type being downloaded than shown in the dialog. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.
The code for downloading files did not properly take care of special c ...
The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an earlier position, leading to a different file type being downloaded than shown in the dialog. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.
EPSS
4.3 Medium
CVSS2
6.5 Medium
CVSS3