CVE-2020-35112

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-35112
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-35112.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-35112
Downstream
Related
Published
2021-01-07T14:15:12.517Z
Modified
2026-03-14T10:25:32.488418Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

If a user downloaded a file lacking an extension on Windows, and then "Open"-ed it from the downloads panel, if there was an executable file in the downloads directory with the same name but with an executable extension (such as .bat or .exe) that executable would have been launched instead. Note: This issue only affected Windows operating systems. Other operating systems are unaffected.. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.

References

Affected packages

Git /

Affected ranges

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-35112.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "84.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "78.6.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "78.6.0"
            }
        ]
    }
]