vulnerability

MFSA2023-13 Firefox: Security Vulnerabilities fixed in Firefox 112, Firefox for Android 112, Focus for Android 112 (CVE-2023-29542)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
10	(AV:N/AC:L/Au:N/C:C/I:C/A:C)	Apr 11, 2023	Apr 12, 2023	Mar 27, 2026

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

Apr 11, 2023

Added

Apr 12, 2023

Modified

Mar 27, 2026

Description

A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such as .lnk with .download. This could have led to accidental execution of malicious code.

*This bug only affects Firefox and Thunderbird on Windows. Other versions of Firefox and Thunderbird are unaffected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10.

Solution

mozilla-firefox-upgrade-112_0

References

CVE-2023-29542
https://attackerkb.com/topics/CVE-2023-29542
EUVD-EUVD-2023-33084
http://www.mozilla.org/security/announce/2023/mfsa2023-13.html
https://euvd.enisa.europa.eu/vulnerability/EUVD-2023-33084

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report