Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-m92a-91pv-dffv
Vulnerability ID VCID-m92a-91pv-dffv
Aliases CVE-2020-35112
Summary If a user downloaded a file lacking an extension on Windows, and then "Open"-ed it from the downloads panel, if there was an executable file in the downloads directory with the same name but with an executable extension (such as .bat or .exe) that executable would have been launched instead.*Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
cvssv3 8.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35112.json
epss 0.00532 https://api.first.org/data/v1/epss?cve=CVE-2020-35112
epss 0.00532 https://api.first.org/data/v1/epss?cve=CVE-2020-35112
epss 0.00532 https://api.first.org/data/v1/epss?cve=CVE-2020-35112
epss 0.00532 https://api.first.org/data/v1/epss?cve=CVE-2020-35112
epss 0.00532 https://api.first.org/data/v1/epss?cve=CVE-2020-35112
epss 0.00532 https://api.first.org/data/v1/epss?cve=CVE-2020-35112
epss 0.00532 https://api.first.org/data/v1/epss?cve=CVE-2020-35112
epss 0.00532 https://api.first.org/data/v1/epss?cve=CVE-2020-35112
epss 0.00532 https://api.first.org/data/v1/epss?cve=CVE-2020-35112
epss 0.00532 https://api.first.org/data/v1/epss?cve=CVE-2020-35112
epss 0.00532 https://api.first.org/data/v1/epss?cve=CVE-2020-35112
epss 0.00532 https://api.first.org/data/v1/epss?cve=CVE-2020-35112
epss 0.00532 https://api.first.org/data/v1/epss?cve=CVE-2020-35112
epss 0.00532 https://api.first.org/data/v1/epss?cve=CVE-2020-35112
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
archlinux Low https://security.archlinux.org/AVG-1364
archlinux Low https://security.archlinux.org/AVG-1366
generic_textual critical https://www.mozilla.org/en-US/security/advisories/mfsa2020-54
generic_textual critical https://www.mozilla.org/en-US/security/advisories/mfsa2020-55
generic_textual critical https://www.mozilla.org/en-US/security/advisories/mfsa2020-56
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35112.json
https://api.first.org/data/v1/epss?cve=CVE-2020-35112
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1908028 https://bugzilla.redhat.com/show_bug.cgi?id=1908028
AVG-1364 https://security.archlinux.org/AVG-1364
AVG-1366 https://security.archlinux.org/AVG-1366
mfsa2020-54 https://www.mozilla.org/en-US/security/advisories/mfsa2020-54
mfsa2020-55 https://www.mozilla.org/en-US/security/advisories/mfsa2020-55
mfsa2020-56 https://www.mozilla.org/en-US/security/advisories/mfsa2020-56
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35112.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.67228
EPSS Score 0.00532
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:17:04.140257+00:00 Mozilla Importer Import https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2020/mfsa2020-54.yml 38.0.0