What is CVE-2023-29539?

CVE-2023-29539 is a vulnerability that affects Firefox and Thunderbird, allowing for reflected file download attacks potentially tricking users to install malware.

Which software versions are affected by CVE-2023-29539?

Firefox versions less than 112, Thunderbird versions less than 102.10, and some Ubuntu and Debian packages are affected.

What is the severity of CVE-2023-29539?

CVE-2023-29539 has a severity level of medium.

How can I fix CVE-2023-29539?

To fix CVE-2023-29539, update your Firefox or Thunderbird to version 112 or higher, and update any affected Ubuntu or Debian packages to the recommended versions.

Where can I find more information about CVE-2023-29539?

You can find more information about CVE-2023-29539 on the Mozilla website and the Bugzilla page.

Vulnerability/
CVE-2023-29539

high

8.8

CWE

476

11/4/2023

2/6/2023

2/8/2024

CVE-2023-29539: Null Pointer Dereference

First published: Tue Apr 11 2023(Updated: )

Last updated 24 July 2024

Credit: security@mozilla.org security@mozilla.org

Affected Software	Affected Version	How to fix
Mozilla Firefox ESR	<102.10	102.10
Mozilla Thunderbird	<102.10	102.10
Mozilla Firefox	<112	112
All of
Mozilla Firefox	=112
Google Android
All of
Mozilla Focus	=112
Google Android
Mozilla Firefox	<112.0
Mozilla Firefox	<112.0
Mozilla Firefox ESR	<102.10
Mozilla Focus	<112.0
Mozilla Thunderbird	<102.10
debian/firefox		131.0-1
debian/firefox-esr		115.14.0esr-1~deb11u1 128.3.0esr-1~deb11u2 115.14.0esr-1~deb12u1 128.3.0esr-1~deb12u1 115.15.0esr-1 128.3.0esr-2
debian/thunderbird		1:115.12.0-1~deb11u1 1:115.15.0-1~deb11u1 1:115.12.0-1~deb12u1 1:115.15.0-1~deb12u1 1:128.2.0esr-1 1:128.3.0esr-1

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

Frequently Asked Questions

What is CVE-2023-29539?
CVE-2023-29539 is a vulnerability that affects Firefox and Thunderbird, allowing for reflected file download attacks potentially tricking users to install malware.
Which software versions are affected by CVE-2023-29539?
Firefox versions less than 112, Thunderbird versions less than 102.10, and some Ubuntu and Debian packages are affected.
What is the severity of CVE-2023-29539?
CVE-2023-29539 has a severity level of medium.
How can I fix CVE-2023-29539?
To fix CVE-2023-29539, update your Firefox or Thunderbird to version 112 or higher, and update any affected Ubuntu or Debian packages to the recommended versions.
Where can I find more information about CVE-2023-29539?
You can find more information about CVE-2023-29539 on the Mozilla website and the Bugzilla page.

collector/nvd-latest
agent/type
agent/first-publish-date
collector/launchpad-cve
source/Launchpad
collector/mozilla-advisory
agent/software-canonical-lookup-request
agent/author
source/Mozilla
agent/software-canonical-lookup
agent/severity
agent/weakness
agent/description
collector/nvd-cve
source/NVD
collector/nvd-index
agent/references
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/tags
agent/event
collector/security-tracker-debian
source/Debian
agent/softwarecombine
collector/usn-cve
source/Ubuntu
vendor/mozilla
canonical/mozilla firefox esr
canonical/mozilla thunderbird
canonical/mozilla firefox
version/mozilla firefox/112
vendor/google
canonical/google android
canonical/mozilla focus
version/mozilla focus/112
package-manager/debian