Primary

Context

Mozilla Firefox Save As Function in Devtools Vulnerability Allows Unintended Execution of Malicious Files

Vulnerability

Patched

A vulnerability exists in Mozilla Firefox versions prior to 140, where the 'Save As' option in the Network tab of Devtools could download files without the proper file extension. This issue may have resulted in users accidentally executing a harmful program. The vulnerability arises because the response files were not saved with the '.download' extension, which is typically used to indicate a file is in the process of being downloaded and should not be opened until the download is complete.

Impact

This vulnerability could lead to the unintentional execution of malicious software on the user's device.

Remediation

Users can update to Firefox version 140 or later to address this vulnerability.

Added: Jun 24, 2025, 1:44 PM

Updated: Jun 24, 2025, 2:28 PM

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

0.0

exploitability

4.2

remediation

7.7

relevance

0.2

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

0.0

exploitability

4.2

remediation

7.7

relevance

0.2

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Mozilla Firefox Save As Function in Devtools Vulnerability Allows Unintended Execution of Malicious Files

Vulnerability

Impact

Remediation

Affected Products

Mozilla Firefox

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating