Samuel Attard

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 84 Thunderbird versions prior to 78.6 Firefox ESR versions prior to 78.6 **Description** The issue is related to insufficient access control in Mozilla browsers, allowing a remote attacker to execute arbitrary code or cause a denial of service. On Windows, if a user downloads a file without an extension and opens it from the downloads panel, an executable file with the same name but with an executable extension (such as .bat or .exe) in the downloads directory would be launched instead. This issue only affects Windows operating systems. **Recommendations** For Firefox versions prior to 84, update to version 84 or later. For Thunderbird versions prior to 78.6, update to version 78.6 or later. For Firefox ESR versions prior to 78.6, update to version 78.6 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 86.0.4240.75 Windows (affected versions not specified) **Description** The issue is related to insufficient policy enforcement in downloads, allowing a remote attacker to execute arbitrary code via a crafted HTML page if the user is convinced to open files. This is due to errors in privilege management. **Recommendations** For Google Chrome versions prior to 86.0.4240.75, update to version 86.0.4240.75 or later to resolve the issue. For Windows, at the moment, there is no information about a newer version that contains a fix for this vulnerability.