PT-2023-2794 · Mozilla+3 · Thunderbird+5

Axel Chong

+1

·

Published

2023-04-11

·

Updated

2024-12-12

·

CVE-2023-29545

CVSS v2.0

7.5

High

VectorAV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 112 Firefox ESR versions prior to 102.10 Thunderbird versions prior to 102.10
Description The issue is related to insufficient protection of internal data when handling the "Save Link As" dialog, allowing an attacker to gain unauthorized access to protected information. This occurs when suggested filenames contain environment variable names, which are resolved in the context of the current user. The vulnerability affects Firefox and Thunderbird on Windows, allowing a remote attacker to access confidential information in the system.
Recommendations For Firefox versions prior to 112: Update to version 112 or later to resolve the issue. For Firefox ESR versions prior to 102.10: Update to version 102.10 or later to resolve the issue. For Thunderbird versions prior to 102.10: Update to version 102.10 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the "Save Link As" feature with suggested filenames containing environment variable names until a patch is available.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

ALT-PU-2023-1621
ALT-PU-2023-1648
ALT-PU-2023-1649
ALT-PU-2023-1758
ALT-PU-2023-1765
ALT-PU-2023-1783
ALT-PU-2023-1797
ALT-PU-2023-1817
ALT-PU-2023-4365
ALT-PU-2023-4366
ALT-PU-2023-5202
ALT-PU-2023-5706
ALT-PU-2023-5754
ALT-PU-2023-7774
ALT-PU-2024-3614
BDU:2023-02692
CVE-2023-29545
OPENSUSE-SU-2024:12852-1
OPENSUSE-SU-2024:12856-1
OPENSUSE-SU-2024:12882-1
OPENSUSE-SU-2024:14572-1
SUSE-SU-2023:1817-1
SUSE-SU-2023:1819-1
SUSE-SU-2023:1855-1
SUSE-SU-2023:2064-1

Affected Products

Alt Linux
Firefox
Firefox Esr
Red Os
Suse
Thunderbird