
Firefox changing file names which contain '%' to an underscore (_) when saving files

  • 9 replies
  • 0 have this problem
  • 1 view
  • Last reply by hvhv


Hi I'm running into an issue where I'm trying to save files while retaining their original filenames, but '%' characters are changed into an underscore when I try to save it. I've tested this with Google Chrome but it doesn't run into this issue. Is there a setting or workaround so that Firefox will leave the filenames alone?


All Replies (9)


I've included an image that shows what happens when I save a file with '%' characters in the filename.

The original file name is: [sound=https%3A%2F%2Ffiles.catbox.moe%2Fb5wg0l.mp3].gif

but when I save the file and choose a folder to save it to, the file is changed to: [sound=https_3A_2F_2Ffiles.catbox.moe_2Fb5wg0l.mp3].gif


Can you share an example file link?


zeroknight said

Can you share an example file link?

Sure, I've uploaded this image named 'test %%%' https://mega.nz/file/h5FkjKbZ#bd8IGj_tze7tuIxKrQIYUchnwe6bA5XR3gP2spbwe_Q

I tried saving it myself, and as shown in my attached image, it shows up as 'test ___' when saving the file.

Edit: Adding onto this, but I experience the same issue even when disabling all add-ons.

Modified by hvhv


Works for me. See screenshot. What security software are you running?


jonzn4SUSE said

Works for me. See screenshot. What security software are you running?

I'm using Windows Defender. I tried reinstalling Firefox (without uninstalling in order to preserve my saved tabs, settings and addons) but the issue still persists.

Just in case it could help, I'll include my OS details: Microsoft Windows 10 Home x64, Version 10.0.19045 Build 19045

I created a secondary profile using about:profiles, and the issue isn't present in the new profile, so it has something to do with my settings, but I'd rather not lose all my settings to fix this annoying issue.

Modified by hvhv


The "%" symbols are replaced for security reasons in the save dialog when you have "Always ask you where to save files" enabled. Do you have a specific use case for preserving them?


zeroknight said

The "%" symbols are replaced for security reasons in the save dialog when you have "Always ask you where to save files" enabled. Do you have a specific use case for preserving them?

Wow, good to know. Is there a setting in about:config or someplace else where I can disable that security feature? I'd like to keep preserving '%' characters in filenames as I sometimes download files in which the % in the filename is necessary. I'd also like to be able to keep choosing where I save each individual file for organizational purposes.


Chosen solution

This is a high impact security fix that is not configurable.

CVE-2022-31739: Attacker-influenced path traversal when saving downloaded files

When downloading files on Windows, the % character was not escaped, which could have led to a download incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%. This bug only affects Firefox for Windows. Other operating systems are unaffected.

CVE-2022-31739

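The effect of the fix quoted in the answer above, as an added example that is not part of the thread and is not Firefox's own code: a simplified model of Windows %NAME% expansion next to the blanket '%' to '_' replacement. The environment values, the function names and the third sample filename are constructed for illustration.

```javascript
// Added illustration; not Firefox source code. All names here are hypothetical.
// Constructed environment standing in for a Windows user's variables.
const SAMPLE_ENV = {
  APPDATA: "C:\\Users\\alice\\AppData\\Roaming",
  HOMEPATH: "\\Users\\alice",
};

// Simplified model of Windows %NAME% expansion: names are case-insensitive
// and an unknown name is left exactly as written.
function expandPercentVars(text, env = SAMPLE_ENV) {
  const vars = new Map(
    Object.entries(env).map(([k, v]) => [k.toUpperCase(), v]));
  return text.replace(/%([^%]+)%/g, (whole, name) => {
    const value = vars.get(name.toUpperCase());
    return value === undefined ? whole : value;
  });
}

// The mitigation the thread describes: every '%' becomes '_', so no
// %NAME% token can survive into the path that is handed to the OS.
function sanitizeSuggestedName(name) {
  return name.replace(/%/g, "_");
}

// True when an expansion step would rewrite the name into something else.
function expansionChangesName(name, env = SAMPLE_ENV) {
  return expandPercentVars(name, env) !== name;
}

const samples = [
  "[sound=https%3A%2F%2Ffiles.catbox.moe%2Fb5wg0l.mp3].gif", // from the thread
  "test %%%",                                                 // from the thread
  "%HOMEPATH%-notes.txt",                                     // constructed
];
for (const raw of samples) {
  const safe = sanitizeSuggestedName(raw);
  console.log({
    raw,
    rawExpands: expansionChangesName(raw),
    safe,
    safeExpands: expansionChangesName(safe),
  });
}
```

The two filenames from the thread never match a variable, yet they are rewritten as well, because the replacement is unconditional rather than a lookup against known variable names.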

zeroknight said

This is a high impact security fix that is not configurable.
CVE-2022-31739: Attacker-influenced path traversal when saving downloaded files

When downloading files on Windows, the % character was not escaped, which could have led to a download incorrectly being saved to attacker-influenced paths that used variables such as %HOMEPATH% or %APPDATA%. This bug only affects Firefox for Windows. Other operating systems are unaffected.

CVE-2022-31739

Thanks for linking the thread regarding the bug. I'm not familiar with what's being discussed or how the bug resolving process works, is the '%' changing into '_' a temporary solution or is the issue considered fully resolved? I'd like to know if the developers plan to actually fix it, instead of applying a band-aid solution.
