CVE Vulnerabilities

CVE-2023-29539

NULL Pointer Dereference

Published: Jun 02, 2023 | Modified: Jun 21, 2023
CVSS 3.x
8.8
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
8.8 MODERATE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Ubuntu
MEDIUM

When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.

Weakness

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Affected Software

Name Vendor Start Version End Version
Firefox Mozilla * 112.0 (excluding)
Firefox_esr Mozilla * 102.10 (excluding)
Focus Mozilla * 112.0 (excluding)
Thunderbird Mozilla * 102.10 (excluding)
Red Hat Enterprise Linux 7 RedHat firefox-0:102.10.0-1.el7_9 *
Red Hat Enterprise Linux 7 RedHat thunderbird-0:102.10.0-2.el7_9 *
Red Hat Enterprise Linux 8 RedHat firefox-0:102.10.0-1.el8_7 *
Red Hat Enterprise Linux 8 RedHat thunderbird-0:102.10.0-2.el8_7 *
Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions RedHat firefox-0:102.10.0-1.el8_1 *
Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions RedHat thunderbird-0:102.10.0-2.el8_1 *
Red Hat Enterprise Linux 8.2 Advanced Update Support RedHat firefox-0:102.10.0-1.el8_2 *
Red Hat Enterprise Linux 8.2 Advanced Update Support RedHat thunderbird-0:102.10.0-2.el8_2 *
Red Hat Enterprise Linux 8.2 Telecommunications Update Service RedHat firefox-0:102.10.0-1.el8_2 *
Red Hat Enterprise Linux 8.2 Telecommunications Update Service RedHat thunderbird-0:102.10.0-2.el8_2 *
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions RedHat firefox-0:102.10.0-1.el8_2 *
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions RedHat thunderbird-0:102.10.0-2.el8_2 *
Red Hat Enterprise Linux 8.4 Extended Update Support RedHat firefox-0:102.10.0-1.el8_4 *
Red Hat Enterprise Linux 8.4 Extended Update Support RedHat thunderbird-0:102.10.0-2.el8_4 *
Red Hat Enterprise Linux 8.6 Extended Update Support RedHat firefox-0:102.10.0-1.el8_6 *
Red Hat Enterprise Linux 8.6 Extended Update Support RedHat thunderbird-0:102.10.0-2.el8_6 *
Red Hat Enterprise Linux 9 RedHat firefox-0:102.10.0-1.el9_1 *
Red Hat Enterprise Linux 9 RedHat thunderbird-0:102.10.0-2.el9_1 *
Red Hat Enterprise Linux 9.0 Extended Update Support RedHat firefox-0:102.10.0-1.el9_0 *
Red Hat Enterprise Linux 9.0 Extended Update Support RedHat thunderbird-0:102.10.0-2.el9_0 *
Firefox Ubuntu bionic *
Firefox Ubuntu focal *
Firefox Ubuntu trusty *
Firefox Ubuntu upstream *
Firefox Ubuntu xenial *
Mozjs38 Ubuntu bionic *
Mozjs38 Ubuntu esm-apps/bionic *
Mozjs38 Ubuntu upstream *
Mozjs52 Ubuntu bionic *
Mozjs52 Ubuntu esm-apps/focal *
Mozjs52 Ubuntu esm-infra/bionic *
Mozjs52 Ubuntu focal *
Mozjs52 Ubuntu upstream *
Mozjs68 Ubuntu focal *
Mozjs68 Ubuntu upstream *
Mozjs78 Ubuntu esm-apps/jammy *
Mozjs78 Ubuntu jammy *
Mozjs78 Ubuntu kinetic *
Mozjs78 Ubuntu lunar *
Mozjs78 Ubuntu upstream *
Mozjs91 Ubuntu jammy *
Mozjs91 Ubuntu upstream *
Thunderbird Ubuntu bionic *
Thunderbird Ubuntu focal *
Thunderbird Ubuntu jammy *
Thunderbird Ubuntu kinetic *
Thunderbird Ubuntu trusty *
Thunderbird Ubuntu xenial *

Potential Mitigations

References