When downloading files on Windows, the % character was not escaped, which could have lead to a download incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%. *This bug only affects Firefox for Windows. Other operating systems are unaffected.* External Reference: https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31739