How severe is CVE-2023-29541?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2023-29541?

This is classified as CWE-116, which is a common weakness in software security.

CVE-2023-29541 - HIGH Severity | CVSS 8.8

Vulnerability Description

Firefox did not properly handle downloads of files ending in <code>.desktop</code>, which can be interpreted to run attacker-controlled commands. <br>*This bug only affects Firefox for Linux on certain Distributions. Other operating systems are unaffected, and Mozilla is unable to enumerate all affected Linux Distributions.*. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.

Related Vulnerabilities

CVE-2013-2011

HIGH

CVSS:8.8(High)

WordPress W3 Super Cache Plugin before 1.3.2 contains a PHP code-execution vulnerability which could allow remote attackers to inject arbitrary code. This issue exists because of an incomplete fix for...

CWE-1162013

CVE-2014-9938

HIGH

CVSS:8.8(High)

contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution.

CWE-1162014

CVE-2018-8609

HIGH

CVSS:8.8(High)

A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) version 8 when the server fails to properly sanitize web requests to an affected Dynamics server, aka "Microsoft Dy...

CWE-1162018

CVE-2020-24972

HIGH

CVSS:8.8(High)

The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line op...

CWE-1162020

CVE-2020-26283

HIGH

CVSS:8.8(High)

go-ipfs is an open-source golang implementation of IPFS which is a global, versioned, peer-to-peer filesystem. In go-ipfs before version 0.8.0, control characters are not escaped from console output. ...

CWE-1162020

CVE-2021-32679

HIGH

CVSS:8.8(High)

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, filenames where not escaped by default in controllers using `DownloadResponse`. Wh...

CWE-1162021