File Handling Vulnerability in Firefox for Linux Distributions
CVE-2023-29541
8.8 HIGH
Key Information:
- Vendor: Mozilla
- CVE Published: 2 June 2023
Summary
Firefox improperly handles downloads of files with the .desktop extension, which can allow an attacker to execute arbitrary commands. The issue affects only Firefox on certain Linux distributions; other operating systems are unaffected. Mozilla has identified the affected versions, which include Firefox below version 112, Focus for Android below version 112, and Thunderbird below version 102.10, among others. Users on the affected platforms are advised to apply security measures.
Affected Version(s)
Firefox < 112
Firefox ESR < 102.10
Firefox for Android < 112
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved