The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an earlier position, leading to a different file type being downloaded than shown in the dialog. External Reference: https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15658
Acknowledgments: Name: the Mozilla project Upstream: belden
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-15658
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:3555 https://access.redhat.com/errata/RHSA-2020:3555
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:3557 https://access.redhat.com/errata/RHSA-2020:3557
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2020:3559 https://access.redhat.com/errata/RHSA-2020:3559
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:4080 https://access.redhat.com/errata/RHSA-2020:4080