CVE-2018-5173

Source
Severity Medium
Remote Yes
Type Content spoofing
Description
The filename appearing in the Downloads panel in Firefox before 60.0 improperly renders some Unicode characters, allowing for the file name to be spoofed. This can be used to obscure the file extension of potentially executable files from user view in the panel.
Group Package Affected Fixed Severity Status Ticket
AVG-693 firefox 59.0.2-3 60.0-1 Critical Fixed
Date Advisory Group Package Severity Description
13 May 2018 ASA-201805-10 AVG-693 firefox Critical multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5173
https://bugzilla.mozilla.org/show_bug.cgi?id=1438025