{"id":"CVE-2023-29545","details":"Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names would have resolved those in the context of the current user. \n\n*This bug only affects Firefox and Thunderbird on Windows. Other versions of Firefox and Thunderbird are unaffected.* This vulnerability affects Firefox \u003c 112, Firefox ESR \u003c 102.10, and Thunderbird \u003c 102.10.\n\n","modified":"2026-03-14T12:04:55.800239Z","published":"2023-06-19T11:15:09.890Z","related":["SUSE-SU-2023:1817-1","SUSE-SU-2023:1819-1","SUSE-SU-2023:1855-1","SUSE-SU-2023:2064-1","openSUSE-SU-2024:12852-1","openSUSE-SU-2024:12856-1","openSUSE-SU-2024:12882-1","openSUSE-SU-2024:14572-1"],"references":[{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2023-13/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2023-14/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2023-15/"},{"type":"REPORT","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1823077"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"112.0"}]},{"events":[{"introduced":"0"},{"fixed":"102.10"}]},{"events":[{"introduced":"0"},{"fixed":"102.10"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-29545.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}]}