CVE-2023-29542

Name
CVE-2023-29542
Description
A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such as .lnk with .download. This could have led to accidental execution of malicious code. *This bug only affects Firefox and Thunderbird on Windows. Other versions of Firefox and Thunderbird are unaffected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10.
NVD Severity
high
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://www.mozilla.org/security/advisories/mfsa2023-14/
MISC https://www.mozilla.org/security/advisories/mfsa2023-13/
MISC https://bugzilla.mozilla.org/show_bug.cgi?id=1815062
MISC https://bugzilla.mozilla.org/show_bug.cgi?id=1810793
MISC https://www.mozilla.org/security/advisories/mfsa2023-15/

Match rules

CPE URI Source package Min version Max version

Vulnerable and fixed packages

Source package Branch Version Maintainer Status