CVE-2023-29539 Information

Description

When handling the filename directive in the Content-Disposition header the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox < 112 Focus for Android < 112 Firefox ESR < 102.10 Firefox for Android < 112 and Thunderbird < 102.10.

Reference

https://www.mozilla.org/security/advisories/mfsa2023-14/ https://www.mozilla.org/security/advisories/mfsa2023-13/ https://bugzilla.mozilla.org/show_bug.cgi?id=1784348 https://www.mozilla.org/security/advisories/mfsa2023-15/