CVE-2023-29541 Information

Description

Firefox did not properly handle downloads of files ending in .desktop which can be interpreted to run attacker-controlled commands.
This bug only affects Firefox for Linux on certain Distributions. Other operating systems are unaffected and Mozilla is unable to enumerate all affected Linux Distributions.. This vulnerability affects Firefox < 112 Focus for Android < 112 Firefox ESR < 102.10 Firefox for Android < 112 and Thunderbird < 102.10.

Reference

https://www.mozilla.org/security/advisories/mfsa2023-14/ https://www.mozilla.org/security/advisories/mfsa2023-13/ https://bugzilla.mozilla.org/show_bug.cgi?id=1810191 https://www.mozilla.org/security/advisories/mfsa2023-15/