CVE-2020-35112

8.8 HIGH

📋 TL;DR

This vulnerability allows attackers to execute malicious code on Windows systems when users download files without extensions and open them from Firefox/Thunderbird's downloads panel. If an executable file with the same name exists in the downloads directory, it will run instead of the intended file. This affects Firefox, Thunderbird, and Firefox ESR users on Windows.

💻 Affected Systems

Products:
  • Firefox
  • Thunderbird
  • Firefox ESR
Versions: Firefox < 84, Thunderbird < 78.6, Firefox ESR < 78.6
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Windows. Requires user interaction (opening downloaded file from downloads panel).

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to full system compromise, data theft, or ransomware deployment.

🟠

Likely Case

Malware execution leading to credential theft, data exfiltration, or system disruption.

🟢

If Mitigated

No impact if patched or if users avoid opening downloaded files without extensions from the downloads panel.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires user interaction and specific conditions (downloaded file without extension + matching executable in downloads directory).

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firefox 84, Thunderbird 78.6, Firefox ESR 78.6

Vendor Advisory: https://www.mozilla.org/security/advisories/mfsa2020-54/

Restart Required: Yes

Instructions:

1. Open Firefox/Thunderbird.
2. Click menu > Help > About Firefox/Thunderbird.
3. Allow the automatic update to version 84 (Firefox) or 78.6 (Thunderbird/ESR).
4. Restart the browser when prompted.

🔧 Temporary Workarounds

Disable automatic opening of downloaded files (Windows)

Prevent files from opening automatically after download. In Firefox: about:preferences#general > Applications > set 'Always ask' for file types.

Use an alternative browser temporarily (Windows)

Switch to an updated or unaffected browser until patched.

🧯 If You Can't Patch

  • Educate users never to open downloaded files directly from the downloads panel; save the file first, then open it from File Explorer
  • Implement application whitelisting to block unauthorized executables from running

🔍 How to Verify

Check if Vulnerable:

Check browser version: Firefox < 84, Thunderbird < 78.6, or Firefox ESR < 78.6 on Windows

Check Version:

In Firefox/Thunderbird: about:support > Application Basics > Version

Verify Fix Applied:

Confirm browser version is Firefox ≥84, Thunderbird ≥78.6, or Firefox ESR ≥78.6

📡 Detection & Monitoring

Log Indicators:

  • Unexpected executable launches from downloads directory
  • Browser crash reports from vulnerable versions

Network Indicators:

  • Downloads of files without extensions followed by executable execution

SIEM Query:

source="windows-security" EventID=4688 (ProcessName="*.exe" OR ProcessName="*.bat") (ParentProcess="firefox.exe" OR ParentProcess="thunderbird.exe")
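As an added example (not part of this advisory), the log indicator above implemented in Python over constructed Windows 4688 process-creation events: it flags executables launched from a Downloads folder with Firefox or Thunderbird as the parent. Field names ProcessName and ParentProcess mirror the query above; the set of executable extensions is an assumption.

```python
import re
from typing import Dict, List

# Parent processes of interest for this advisory.
BROWSERS = {"firefox.exe", "thunderbird.exe"}
# Assumption: common executable extensions worth flagging.
EXEC_EXTENSIONS = {".exe", ".bat", ".cmd", ".com", ".scr"}
FIELD_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_event(line: str) -> Dict[str, str]:
    """Parse a key="value" event line into a dict of fields."""
    return dict(FIELD_RE.findall(line))


def is_suspicious(event: Dict[str, str]) -> bool:
    """True when a browser spawned an executable from a Downloads folder."""
    if event.get("EventID") != "4688":
        return False
    parent = event.get("ParentProcess", "").lower().rsplit("\\", 1)[-1]
    if parent not in BROWSERS:
        return False
    child = event.get("ProcessName", "").lower()
    name = child.rsplit("\\", 1)[-1]
    ext = name[name.rfind("."):] if "." in name else ""
    return ext in EXEC_EXTENSIONS and "\\downloads\\" in child


def find_suspicious(lines: List[str]) -> List[str]:
    """Return the ProcessName of every event that matches the indicator."""
    return [parse_event(l)["ProcessName"] for l in lines
            if is_suspicious(parse_event(l))]


# Constructed sample events (not real logs).
SAMPLE_EVENTS = [
    'EventID="4688" ParentProcess="C:\\Program Files\\Mozilla Firefox\\firefox.exe" '
    'ProcessName="C:\\Users\\alice\\Downloads\\report.exe"',
    'EventID="4688" ParentProcess="C:\\Program Files\\Mozilla Firefox\\firefox.exe" '
    'ProcessName="C:\\Program Files\\Adobe\\AcroRd32.exe"',
    'EventID="4688" ParentProcess="C:\\Windows\\explorer.exe" '
    'ProcessName="C:\\Users\\alice\\Downloads\\setup.exe"',
    'EventID="4688" ParentProcess="C:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe" '
    'ProcessName="C:\\Users\\bob\\Downloads\\invoice.bat"',
]

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_EVENTS):
        print("suspicious launch:", hit)
```

Only the first and last sample events match: a browser-spawned Acrobat Reader and an Explorer-launched installer are filtered out.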

🔗 References
