CVE-2020-35112 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Low
Remote	Yes
Type	Arbitrary command execution
Description	If a user downloaded a file lacking an extension on Firefox for Windows before 84.0 or Thunderbird for Windows before 78.6, and then "Open"-ed it from the downloads panel, if there was an executable file in the downloads directory with the same name but with an executable extension (such as .bat or .exe) that executable would have been launched instead.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1366	thunderbird	78.5.1-1		Low	Not affected
AVG-1364	firefox	83.0-2	84.0-1	Low	Not affected

References
https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-35112 https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-35112 https://bugzilla.mozilla.org/show_bug.cgi?id=1661365

References

https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-35112
https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-35112
https://bugzilla.mozilla.org/show_bug.cgi?id=1661365