{"id":"CVE-2023-29539","details":"When handling the filename directive in the Content-Disposition header, the filename would be truncated if it contained a NULL character. This could have led to reflected file download attacks, potentially tricking users into installing malware. This vulnerability affects Firefox \u003c 112, Focus for Android \u003c 112, Firefox ESR \u003c 102.10, Firefox for Android \u003c 112, and Thunderbird \u003c 102.10.","modified":"2026-04-16T00:03:50.557188305Z","published":"2023-06-02T17:15:12.607Z","related":["ALSA-2023:1786","ALSA-2023:1787","ALSA-2023:1802","ALSA-2023:1809","SUSE-SU-2023:1817-1","SUSE-SU-2023:1819-1","SUSE-SU-2023:1855-1","SUSE-SU-2023:2064-1","openSUSE-SU-2024:12852-1","openSUSE-SU-2024:12856-1","openSUSE-SU-2024:12882-1","openSUSE-SU-2024:14572-1"],"references":[{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2023-13/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2023-14/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2023-15/"},{"type":"REPORT","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1784348"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"112.0"}]},{"events":[{"introduced":"0"},{"fixed":"112.0"}]},{"events":[{"introduced":"0"},{"fixed":"102.10"}]},{"events":[{"introduced":"0"},{"fixed":"112.0"}]},{"events":[{"introduced":"0"},{"fixed":"102.10"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-29539.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}