CVE-2024-5692

{"id": "CVE-2024-5692", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-06-11T13:15:50.770", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1891234", "tags": ["Issue Tracking", "Exploit"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-25/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-26/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-28/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1891234", "tags": ["Issue Tracking", "Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-25/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-26/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2024-28/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "On Windows 10, when using the 'Save As' functionality, an attacker could have tricked the browser into saving the file with a disallowed extension such as `.url` by including an invalid character in the extension. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12."}, {"lang": "es", "value": "En Windows, al utilizar la funci\u00f3n \"Guardar como\", un atacante podr\u00eda haber enga\u00f1ado al navegador para que guardara el archivo con una extensi\u00f3n no permitida como \".url\" al incluir un car\u00e1cter no v\u00e1lido en la extensi\u00f3n. *Nota:* Este problema solo afectaba a los sistemas operativos Windows. Otros sistemas operativos no se ven afectados. Esta vulnerabilidad afecta a Firefox &lt; 127 y Firefox ESR &lt; 115.12."}], "lastModified": "2025-03-27T20:07:17.167", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*", "vulnerable": true, "matchCriteriaId": "D355C34D-4006-4255-B767-0EC32BDD4409", "versionEndExcluding": "115.12"}, {"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4CF5E7C8-8673-4B56-AF92-44C08B086E02", "versionEndExcluding": "127.0"}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "96ED58CE-9E3C-4354-AB12-0F26C5906650", "versionEndExcluding": "115.12"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security@mozilla.org"}