Mozilla Firefox 127, Mozilla Firefox ESR 115.12, and Mozilla Thunderbird 115.12.0 : On Windows, when using the 'Save As' functionality, an attacker could have tricked the browser into saving the file with a disallowed extension such as .url by including an invalid character in the extension. Note: This issue only affected Windows operating systems. Other operating systems are unaffected.