CVE-2023-29545

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 112 Firefox ESR versions prior to 102.10 Thunderbird versions prior to 102.10

Description The issue is related to insufficient protection of internal data when handling the "Save Link As" dialog, allowing an attacker to gain unauthorized access to protected information. This occurs when suggested filenames contain environment variable names, which are resolved in the context of the current user. The vulnerability affects Firefox and Thunderbird on Windows, allowing a remote attacker to access confidential information in the system.

Recommendations For Firefox versions prior to 112: Update to version 112 or later to resolve the issue. For Firefox ESR versions prior to 102.10: Update to version 102.10 or later to resolve the issue. For Thunderbird versions prior to 102.10: Update to version 102.10 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the "Save Link As" feature with suggested filenames containing environment variable names until a patch is available.