nvd-json-data-feeds/CVE-2023/CVE-2023-295xx/CVE-2023-29545.json

{
  "id": "CVE-2023-29545",
  "sourceIdentifier": "security@mozilla.org",
  "published": "2023-06-19T11:15:09.890",
  "lastModified": "2023-06-27T08:51:49.257",
  "vulnStatus": "Analyzed",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names would have resolved those in the context of the current user. \n\n*This bug only affects Firefox and\u00a0Thunderbird on Windows. Other versions of Firefox and\u00a0Thunderbird are unaffected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10.\n\n"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "versionEndExcluding": "112.0",
              "matchCriteriaId": "8C6578F4-B46C-473F-8A17-CA6026C32FBE"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
              "versionEndExcluding": "102.10",
              "matchCriteriaId": "03736567-251A-4F75-992E-AB7C957FB587"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
              "versionEndExcluding": "102.10",
              "matchCriteriaId": "7C8C9D9E-9BDA-475D-B7D6-10D1C6E9DD72"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1823077",
      "source": "security@mozilla.org",
      "tags": [
        "Permissions Required"
      ]
    },
    {
      "url": "https://www.mozilla.org/security/advisories/mfsa2023-13/",
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://www.mozilla.org/security/advisories/mfsa2023-14/",
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://www.mozilla.org/security/advisories/mfsa2023-15/",
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}
Auto-Update: 2023-06-19T12:00:26.464934+00:00 2023-06-19 12:00:30 +00:00			`{`
			`"id": "CVE-2023-29545",`
			`"sourceIdentifier": "security@mozilla.org",`
			`"published": "2023-06-19T11:15:09.890",`
Auto-Update: 2023-06-27T10:00:26.620084+00:00 2023-06-27 10:00:30 +00:00			`"lastModified": "2023-06-27T08:51:49.257",`
			`"vulnStatus": "Analyzed",`
Auto-Update: 2024-07-14T02:00:17.787041+00:00 2024-07-14 02:06:08 +00:00			`"cveTags": [],`
Auto-Update: 2023-06-19T12:00:26.464934+00:00 2023-06-19 12:00:30 +00:00			`"descriptions": [`
			`{`
			`"lang": "en",`
			`"value": "Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names would have resolved those in the context of the current user. \n\nThis bug only affects Firefox and\u00a0Thunderbird on Windows. Other versions of Firefox and\u00a0Thunderbird are unaffected. This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10.\n\n"`
			`}`
			`],`
Auto-Update: 2023-06-27T10:00:26.620084+00:00 2023-06-27 10:00:30 +00:00			`"metrics": {`
			`"cvssMetricV31": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"cvssData": {`
			`"version": "3.1",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",`
			`"attackVector": "NETWORK",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "NONE",`
			`"userInteraction": "REQUIRED",`
			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "NONE",`
			`"integrityImpact": "HIGH",`
			`"availabilityImpact": "NONE",`
			`"baseScore": 6.5,`
			`"baseSeverity": "MEDIUM"`
			`},`
			`"exploitabilityScore": 2.8,`
			`"impactScore": 3.6`
			`}`
			`]`
			`},`
			`"weaknesses": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "NVD-CWE-noinfo"`
			`}`
			`]`
			`}`
			`],`
			`"configurations": [`
			`{`
			`"nodes": [`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:mozilla:firefox::::::::",`
			`"versionEndExcluding": "112.0",`
			`"matchCriteriaId": "8C6578F4-B46C-473F-8A17-CA6026C32FBE"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:mozilla:firefox_esr::::::::",`
			`"versionEndExcluding": "102.10",`
			`"matchCriteriaId": "03736567-251A-4F75-992E-AB7C957FB587"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:mozilla:thunderbird::::::::",`
			`"versionEndExcluding": "102.10",`
			`"matchCriteriaId": "7C8C9D9E-9BDA-475D-B7D6-10D1C6E9DD72"`
			`}`
			`]`
			`}`
			`]`
			`}`
			`],`
Auto-Update: 2023-06-19T12:00:26.464934+00:00 2023-06-19 12:00:30 +00:00			`"references": [`
			`{`
			`"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1823077",`
Auto-Update: 2023-06-27T10:00:26.620084+00:00 2023-06-27 10:00:30 +00:00			`"source": "security@mozilla.org",`
			`"tags": [`
			`"Permissions Required"`
			`]`
Auto-Update: 2023-06-19T12:00:26.464934+00:00 2023-06-19 12:00:30 +00:00			`},`
			`{`
			`"url": "https://www.mozilla.org/security/advisories/mfsa2023-13/",`
Auto-Update: 2023-06-27T10:00:26.620084+00:00 2023-06-27 10:00:30 +00:00			`"source": "security@mozilla.org",`
			`"tags": [`
			`"Vendor Advisory"`
			`]`
Auto-Update: 2023-06-19T12:00:26.464934+00:00 2023-06-19 12:00:30 +00:00			`},`
			`{`
			`"url": "https://www.mozilla.org/security/advisories/mfsa2023-14/",`
Auto-Update: 2023-06-27T10:00:26.620084+00:00 2023-06-27 10:00:30 +00:00			`"source": "security@mozilla.org",`
			`"tags": [`
			`"Vendor Advisory"`
			`]`
Auto-Update: 2023-06-19T12:00:26.464934+00:00 2023-06-19 12:00:30 +00:00			`},`
			`{`
			`"url": "https://www.mozilla.org/security/advisories/mfsa2023-15/",`
Auto-Update: 2023-06-27T10:00:26.620084+00:00 2023-06-27 10:00:30 +00:00			`"source": "security@mozilla.org",`
			`"tags": [`
			`"Vendor Advisory"`
			`]`
Auto-Update: 2023-06-19T12:00:26.464934+00:00 2023-06-19 12:00:30 +00:00			`}`
			`]`
			`}`