PT-2023-2792 · Mozilla+3 · Firefox Esr+5

Ameen Basha M K

+1

·

Publicado

2023-04-11

·

Atualizado

2024-12-12

·

CVE-2023-29542

CVSS v3.1

9.8

Crítica

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 112 Mozilla Firefox ESR versions prior to 102.10 Mozilla Thunderbird versions prior to 102.10
Description The issue is related to the incorrect handling of a newline in a filename, which could allow a remote attacker to bypass file extension security mechanisms. This mechanism replaces malicious file extensions, such as .lnk, with .download. The bypass could lead to the accidental execution of malicious code. This bug only affects Firefox and Thunderbird on Windows, with other versions of these applications being unaffected.
Recommendations For Mozilla Firefox versions prior to 112, update to version 112 or later. For Mozilla Firefox ESR versions prior to 102.10, update to version 102.10 or later. For Mozilla Thunderbird versions prior to 102.10, update to version 102.10 or later.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-254

Identificadores relacionados

ALT-PU-2023-1621
ALT-PU-2023-1648
ALT-PU-2023-1649
ALT-PU-2023-1758
ALT-PU-2023-1765
ALT-PU-2023-1783
ALT-PU-2023-1797
ALT-PU-2023-1817
ALT-PU-2023-4365
ALT-PU-2023-4366
ALT-PU-2023-5202
BDU:2023-02690
CVE-2023-29542
OPENSUSE-SU-2024:12852-1
OPENSUSE-SU-2024:12856-1
OPENSUSE-SU-2024:12882-1
OPENSUSE-SU-2024:14572-1
SUSE-SU-2023:1817-1
SUSE-SU-2023:1819-1
SUSE-SU-2023:1855-1
SUSE-SU-2023:2064-1

Produtos afetados

Alt Linux
Firefox
Firefox Esr
Thunderbird
Red Os
Suse