{"api_version":"1","generated_at":"2026-04-23T05:07:30+00:00","cve":"CVE-2023-29542","urls":{"html":"https://cve.report/CVE-2023-29542","api":"https://cve.report/api/cve/CVE-2023-29542.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-29542","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-29542"},"summary":{"title":"CVE-2023-29542","description":"A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such as .lnk  with .download. This could have led to accidental execution of malicious code.\n\n*This bug only affects Firefox and Thunderbird on Windows. Other versions of Firefox and Thunderbird are unaffected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10.","state":"PUBLIC","assigner":"security@mozilla.org","published_at":"2023-06-19 11:15:00","updated_at":"2023-06-27 08:51:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"https://www.mozilla.org/security/advisories/mfsa2023-13/","name":"https://www.mozilla.org/security/advisories/mfsa2023-13/","refsource":"MISC","tags":[],"title":"Security Vulnerabilities fixed in Firefox 112, Firefox for Android 112, Focus for Android 112 — Mozilla","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1810793","name":"https://bugzilla.mozilla.org/show_bug.cgi?id=1810793","refsource":"MISC","tags":[],"title":"Access Denied","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1815062","name":"https://bugzilla.mozilla.org/show_bug.cgi?id=1815062","refsource":"MISC","tags":[],"title":"Access Denied","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.mozilla.org/security/advisories/mfsa2023-14/","name":"https://www.mozilla.org/security/advisories/mfsa2023-14/","refsource":"MISC","tags":[],"title":"Security Vulnerabilities fixed in Firefox ESR 102.10 — Mozilla","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.mozilla.org/security/advisories/mfsa2023-15/","name":"https://www.mozilla.org/security/advisories/mfsa2023-15/","refsource":"MISC","tags":[],"title":"Security Vulnerabilities fixed in Thunderbird 102.10 — Mozilla","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-29542","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29542","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"29542","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"29542","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"29542","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox_esr","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"29542","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"thunderbird","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-29542","qid":"378383","title":"Mozilla Firefox Multiple Vulnerabilities (MFSA2023-13)"},{"cve":"CVE-2023-29542","qid":"378384","title":"Mozilla Firefox ESR Multiple Vulnerabilities (MFSA2023-14)"},{"cve":"CVE-2023-29542","qid":"378387","title":"Mozilla Thunderbird Multiple Vulnerabilities (MFSA2023-15)"},{"cve":"CVE-2023-29542","qid":"503446","title":"Alpine Linux Security Update for firefox-esr"},{"cve":"CVE-2023-29542","qid":"506054","title":"Alpine Linux Security Update for firefox-esr"},{"cve":"CVE-2023-29542","qid":"753906","title":"SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2023:1819-1)"},{"cve":"CVE-2023-29542","qid":"753907","title":"SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2023:1817-1)"},{"cve":"CVE-2023-29542","qid":"753909","title":"SUSE Enterprise Linux Security Update for MozillaFirefox (SUSE-SU-2023:1855-1)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-29542","ASSIGNER":"security@mozilla.org","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such as .lnk  with .download. This could have led to accidental execution of malicious code.\n\n*This bug only affects Firefox and Thunderbird on Windows. Other versions of Firefox and Thunderbird are unaffected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10.\n\n"}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Bypass of file download extension restrictions"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Mozilla","product":{"product_data":[{"product_name":"Firefox","version":{"version_data":[{"version_affected":"<","version_name":"unspecified","version_value":"112"}]}},{"product_name":"Firefox ESR","version":{"version_data":[{"version_affected":"<","version_name":"unspecified","version_value":"102.10"}]}},{"product_name":"Thunderbird","version":{"version_data":[{"version_affected":"<","version_name":"unspecified","version_value":"102.10"}]}}]}}]}},"references":{"reference_data":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1810793","refsource":"MISC","name":"https://bugzilla.mozilla.org/show_bug.cgi?id=1810793"},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1815062","refsource":"MISC","name":"https://bugzilla.mozilla.org/show_bug.cgi?id=1815062"},{"url":"https://www.mozilla.org/security/advisories/mfsa2023-13/","refsource":"MISC","name":"https://www.mozilla.org/security/advisories/mfsa2023-13/"},{"url":"https://www.mozilla.org/security/advisories/mfsa2023-14/","refsource":"MISC","name":"https://www.mozilla.org/security/advisories/mfsa2023-14/"},{"url":"https://www.mozilla.org/security/advisories/mfsa2023-15/","refsource":"MISC","name":"https://www.mozilla.org/security/advisories/mfsa2023-15/"}]},"generator":{"engine":"Vulnogram 0.1.0-dev"},"source":{"discovery":"UNKNOWN"},"credits":[{"lang":"en","value":"Shaheen Fazim and Ameen Basha M K"}]},"nvd":{"publishedDate":"2023-06-19 11:15:00","lastModifiedDate":"2023-06-27 08:51:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","versionEndExcluding":"112.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*","versionEndExcluding":"102.10","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","versionEndExcluding":"102.10","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":null,"notes":[]}}}