Raphael Shaniyazov

Name of the Vulnerable Software and Affected Versions: Mozilla Firefox versions prior to 127 Firefox ESR versions prior to 115.12 Thunderbird versions prior to 115.12 Description: The issue is related to insufficient input validation in the 'Save As' function of Mozilla Firefox, Firefox ESR, and Thunderbird on Windows operating systems. This could allow a remote attacker to impact the confidentiality and integrity of protected information by replacing characters in file extensions. The vulnerability can be exploited by tricking the browser into saving a file with a disallowed extension, such as `.url`, by including an invalid character in the extension. Recommendations: For Mozilla Firefox versions prior to 127, update to version 127 or later to resolve the issue. For Firefox ESR versions prior to 115.12, update to version 115.12 or later to resolve the issue. For Thunderbird versions prior to 115.12, update to version 115.12 or later to resolve the issue.