File Handling Vulnerability in Firefox for Linux Distributions
CVE-2023-29541

8.8HIGH

Key Information:

Vendor: Mozilla
Status: Firefox; Focus for Android; Firefox ESR; Firefox for Android
Vendor: CVE Published:; 2 June 2023

What is CVE-2023-29541?

A vulnerability in Firefox allows for improper handling of downloads of files with the .desktop extension, potentially enabling attackers to execute arbitrary commands. This issue specifically impacts users operating Firefox on certain Linux distributions, while other operating systems remain unaffected. Mozilla has identified affected versions, which include Firefox below version 112, Focus for Android below version 112, and Thunderbird below version 102.10, among others. Security measures are recommended for users on the affected platforms.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Firefox < 112

Firefox ESR < 102.10

Firefox for Android < 112

References

https://www.mozilla.org/security/advisories/mfsa2023-15/

https://www.mozilla.org/security/advisories/mfsa2023-14/

https://www.mozilla.org/security/advisories/mfsa2023-13/

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 2, 2023
Vulnerability Reserved
Apr 7, 2023

JSON

Mozilla

What is CVE-2023-29541?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.