← voltar
CVE-2023-29542

CVE-2023-29542

CVSS 9.8 CRITICALEPSS 0.9%
Vexday Risk Score
28Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 9.8EPSS 0.9%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
19 jun 2023Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such as .lnk with .download. This could have led to accidental execution of malicious code. *This bug only affects Firefox and Thunderbird on Windows. Other versions of Firefox and Thunderbird are unaffected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Produtos afetados
Mozilla · FirefoxMozilla · Firefox ESRMozilla · Thunderbird

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://bugzilla.mozilla.org/show_bug.cgi?id=1810793https://bugzilla.mozilla.org/show_bug.cgi?id=1815062https://www.mozilla.org/security/advisories/mfsa2023-13/https://www.mozilla.org/security/advisories/mfsa2023-14/https://www.mozilla.org/security/advisories/mfsa2023-15/