PT-2024-25034 · Unknown · Pwasforfirefox

Filips123 · Published 2024-05-03 · Updated 2024-05-03 · CVE-2024-32986

CVSS v3.1: 9.6 Critical
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

PWAsForFirefox versions prior to 2.12.0

Description

The issue arises from improper sanitization of web app properties, such as name, description, and shortcuts, which allows malicious web apps to inject additional lines into XDG Desktop Entries on Linux and into AppInfo.ini on PortableApps.com. A malicious web app can use this to introduce keys such as Exec, which can run arbitrary code when the affected web app is launched. The vulnerability affects Linux and PortableApps.com users. There are no known workarounds for this issue.

Recommendations

For PWAsForFirefox versions prior to 2.12.0, update to version 2.12.0 as soon as possible to fix the vulnerability. Windows and macOS users should also update to this version, as it contains additional fixes related to properties sanitization.
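
The class of fix described above, shown as an added example that is not PWAsForFirefox's own code: untrusted manifest values are escaped or flattened so they can never start a new line in a generated Desktop Entry or INI file. All function names, paths and sample values are hypothetical and constructed for illustration.

```rust
// Added example, not project code. Names and sample values are hypothetical.

/// Escape an untrusted value for a string key in an XDG Desktop Entry.
/// The Desktop Entry format defines \n, \r, \t and \\ escapes for strings;
/// other control characters are dropped so a value can never span lines.
fn escape_desktop_value(raw: &str) -> String {
    let mut out = String::with_capacity(raw.len());
    for c in raw.chars() {
        match c {
            '\\' => out.push_str("\\\\"),
            '\n' => out.push_str("\\n"),
            '\r' => out.push_str("\\r"),
            '\t' => out.push_str("\\t"),
            c if c.is_control() => {}
            c => out.push(c),
        }
    }
    out
}

/// Flatten a value to one line for an INI file such as AppInfo.ini (assumption: no escape syntax is relied on).
fn single_line_ini_value(raw: &str) -> String {
    let flat: String = raw.chars().map(|c| if c.is_control() { ' ' } else { c }).collect();
    flat.split_whitespace().collect::<Vec<_>>().join(" ")
}

/// Render a minimal entry; `name` and `description` come from the web app.
/// `exec` is assumed to be built by the installer itself, never by the site.
fn render_entry(name: &str, description: &str, exec: &str) -> String {
    format!(
        "[Desktop Entry]\nType=Application\nName={}\nComment={}\nExec={}\n",
        escape_desktop_value(name), escape_desktop_value(description), exec
    )
}

/// Count lines that define `key`, to verify no extra key was smuggled in.
fn count_key(entry: &str, key: &str) -> usize {
    let prefix = format!("{}=", key);
    entry.lines().filter(|l| l.trim_start().starts_with(&prefix)).count()
}

fn main() {
    // Constructed web app name containing an embedded line break.
    let name = "Notes\nExec=/placeholder/injected";
    let entry = render_entry(name, "Simple notes app", "/placeholder/launcher");
    assert_eq!(count_key(&entry, "Exec"), 1); // only the installer's Exec line
    print!("{}", entry);
    println!("Name={}", single_line_ini_value("Notes\r\n[Control]"));
}
```

The `count_key` check is also usable as a post-generation assertion or as an audit over existing launcher files: more than one `Exec` line in a single-group entry indicates a value broke out of its key.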

Exploit

Fix

Weakness Enumeration

Special Elements Injection

Related Identifiers

CVE-2024-32986
GHSA-JMHV-M7V5-G5JQ

Affected Products

Pwasforfirefox