Similar to CVE-2023-28163, this time when choosing โSave Link Asโ, suggested filenames containing environment variable names would have resolved those in the context of the current user.
This bug only affects Firefox andย Thunderbird on Windows. Other versions of Firefox andย Thunderbird are unaffected. This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10.
[
{
"defaultStatus": "unaffected",
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "112",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "102.10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "102.10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]