CVE-2020-35112 log

Source
Severity Low
Remote Yes
Type Arbitrary command execution
Description
If a user downloaded a file lacking an extension on Firefox for Windows before 84.0 or Thunderbird for Windows before 78.6, and then "Open"-ed it from the downloads panel, if there was an executable file in the downloads directory with the same name but with an executable extension (such as .bat or .exe) that executable would have been launched instead.
Group Package Affected Fixed Severity Status Ticket
AVG-1366 thunderbird 78.5.1-1 Low Not affected
AVG-1364 firefox 83.0-2 84.0-1 Low Not affected
References
https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-35112
https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-35112
https://bugzilla.mozilla.org/show_bug.cgi?id=1661365