PT-2018-3045 · Mozilla+3 · Firefox+3

Abdulrahman Alqabandi · Published 2018-05-09 · Updated 2024-12-12 · CVE-2018-5173

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions

Firefox versions prior to 60

Description

The issue arises from the improper rendering of some Unicode characters in the filename displayed in the "Downloads" panel. This can lead to the file extension of potentially executable files being obscured from the user's view, although the full, correct filename and its executability status are shown in the file open dialog. The vulnerability can be exploited to conduct spoofing attacks.

Recommendations

For versions prior to 60, update to version 60 or later to resolve the issue. As a temporary workaround, consider verifying the file type and extension through the file open dialog to ensure the file's authenticity before opening. Restrict access to potentially executable files downloaded from untrusted sources to minimize the risk of exploitation.

Fix

RCE

Weakness Enumeration

Related Identifiers

ALT-PU-2018-1787
ALT-PU-2018-1854
BDU:2019-03513
CVE-2018-5173
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:14572-1
SUSE-SU-2019:2872-1
USN-3645-1
USN-3645-2

Affected Products

Alt Linux
Firefox
Suse
Ubuntu