What is CVE-2023-29539?

CVE-2023-29539 is a vulnerability in Mozilla Firefox. Published 2023-06-02.

Is CVE-2023-29539 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Mozilla Firefox

CVE-2023-29539

When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to instal…

EPSS: 0.002 (44.8th percentile) — read the EPSS interpretation.

Affected products

Mozilla Firefox — versions unspecified
Mozilla Firefox Esr — versions unspecified
Mozilla Firefox For Android — versions unspecified
Mozilla Focus For Android — versions unspecified
Mozilla Thunderbird — versions unspecified

Public proof-of-concept exploits

RENANZG/My-Debian-GNU-Linux
em1ga3l/cve-msrc-extractor

References

www.mozilla.org/security/advisories/mfsa2023-15/
www.mozilla.org/security/advisories/mfsa2023-14/
www.mozilla.org/security/advisories/mfsa2023-13/
bugzilla.mozilla.org/show_bug.cgi

Frequently asked questions

What is CVE-2023-29539?: CVE-2023-29539 is a vulnerability in Mozilla Firefox. Published 2023-06-02.
Is CVE-2023-29539 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.