CVE-2023-29545

Summary

Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names would have resolved those in the context of the current user.

This bug only affects Firefox and Thunderbird on Windows. Other versions of Firefox and Thunderbird are unaffected. This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 112affected
MozillaFirefox ESRunspecified < 102.10affected
MozillaThunderbirdunspecified < 102.10affected

Weaknesses

  • Windows Save As dialog resolved environment variables

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References