CVE-2023-29542
First published: Tue Apr 11 2023(Updated: )
A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such as .lnk with .download. This could have led to accidental execution of malicious code. *This bug only affects Firefox and Thunderbird on Windows. Other versions of Firefox and Thunderbird are unaffected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10.
Credit: security@mozilla.org security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Thunderbird | <102.10 | 102.10 |
| Firefox ESR | <102.10 | 102.10 |
| Firefox | <112 | 112 |
| All of | ||
| Firefox | =112 | |
| Android | ||
| All of | ||
| Mozilla Focus | =112 | |
| Android | ||
| All of | ||
| Any of | ||
| Firefox | <112.0 | |
| Firefox ESR | <102.10 | |
| Thunderbird | <102.10 | |
| Microsoft Windows Operating System | ||
| Firefox | <112.0 | |
| Firefox ESR | <102.10 | |
| Thunderbird | <102.10 | |
| Microsoft Windows Operating System |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.mozilla.org/show_bug.cgi?id=1815062
- https://bugzilla.mozilla.org/show_bug.cgi?id=1810793
- https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/
- https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/
- https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-29535
- https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/
- https://www.mozilla.org/security/advisories/mfsa2023-13/
- https://www.mozilla.org/security/advisories/mfsa2023-14/
- https://www.mozilla.org/security/advisories/mfsa2023-15/
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2023-29531
- CVE-2023-29532
- CVE-2023-29533
- CVE-2023-1999
- CVE-2023-29535
- CVE-2023-29536
- CVE-2023-0547
- CVE-2023-29479
- CVE-2023-29539
- CVE-2023-29541
- CVE-2023-29542
- CVE-2023-29545
- CVE-2023-1945
- CVE-2023-29548
- CVE-2023-29550
- CVE-2023-29534
- CVE-2023-29537
- CVE-2023-29538
- CVE-2023-29540
- CVE-2023-29543
- CVE-2023-29544
- CVE-2023-29546
- CVE-2023-29547
- CVE-2023-29549
- CVE-2023-29551
Frequently Asked Questions
What is CVE-2023-29542?
CVE-2023-29542 is a vulnerability that could have been used to bypass file extension security mechanisms in Thunderbird on Windows, potentially leading to the accidental execution of malicious code.
Which software versions are affected by CVE-2023-29542?
The affected software versions are Thunderbird up to version 102.10 and Firefox ESR up to version 102.10.
What is the severity of CVE-2023-29542?
The severity of CVE-2023-29542 is classified as medium with a severity value of 4.
How can I fix CVE-2023-29542?
To fix CVE-2023-29542, ensure that you have updated Thunderbird to version 102.10 or later.
Where can I find more information about CVE-2023-29542?
You can find more information about CVE-2023-29542 in the references provided: [Link 1](https://bugzilla.mozilla.org/show_bug.cgi?id=1815062), [Link 2](https://bugzilla.mozilla.org/show_bug.cgi?id=1810793), [Link 3](https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/)
- agent/type
- agent/first-publish-date
- agent/references
- agent/description
- agent/severity
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/trending
- agent/source
- collector/mozilla-advisory
- source/Mozilla
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- vendor/mozilla
- canonical/thunderbird
- canonical/firefox esr
- canonical/firefox
- version/firefox/112
- vendor/google
- canonical/android
- canonical/mozilla focus
- version/mozilla focus/112
- vendor/microsoft
- canonical/microsoft windows operating system