CVE-2020-15658 log

Source
Severity Low
Remote Yes
Type Content spoofing
Description
The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an earlier position, leading to a different file type being downloaded than shown in the dialog. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.
Group Package Affected Fixed Severity Status Ticket
AVG-1214 thunderbird 68.11.0-1 68.12.0-1 High Fixed
AVG-1213 firefox 78.0.2-1 79.0-1 High Fixed
References
https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15658