CVE-2020-35112 - log

CVE-2020-35112 edited at 15 Dec 2020 17:25:49
Description
- If a user downloaded a file lacking an extension on Firefox for Windows before 84.0, and then "Open"-ed it from the downloads panel, if there was an executable file in the downloads directory with the same name but with an executable extension (such as .bat or .exe) that executable would have been launched instead.
+ If a user downloaded a file lacking an extension on Firefox for Windows before 84.0 or Thunderbird for Windows before 78.6, and then "Open"-ed it from the downloads panel, if there was an executable file in the downloads directory with the same name but with an executable extension (such as .bat or .exe) that executable would have been launched instead.
References
https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-35112
+ https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-35112
https://bugzilla.mozilla.org/show_bug.cgi?id=1661365
CVE-2020-35112 edited at 15 Dec 2020 17:10:00
Severity
- Unknown
+ Low
Remote
- Unknown
+ Remote
Type
- Unknown
+ Arbitrary command execution
Description
+ If a user downloaded a file lacking an extension on Firefox for Windows before 84.0, and then "Open"-ed it from the downloads panel, if there was an executable file in the downloads directory with the same name but with an executable extension (such as .bat or .exe) that executable would have been launched instead.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-35112
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1661365
Notes
CVE-2020-35112 created at 15 Dec 2020 16:48:51