Main Vulnerability Database Vulnerabilities #VU74832

#VU74832 Security features bypass in Mozilla Firefox and Firefox ESR - CVE-2023-29542

Published: April 11, 2023

Vulnerability identifier: #VU74832

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2023-29542

CWE-ID: CWE-254

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Mozilla Firefox
Firefox ESR

Software vendor:
Mozilla

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to improper handling of newline in a filename. A remote attacker can bypass the file extension security mechanisms that replaces dangerous file extensions such as .lnk with .download and potentially compromise the affected system.

Remediation

Install updates from vendor's website.

External links

https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/

#VU74832 Security features bypass in Mozilla Firefox and Firefox ESR - CVE-2023-29542

Description

Remediation

External links

Please verify you're human