CVE-2023-25731: 
NixOS vulnerability analysis and mitigation

CVE-2023-25731 is a security vulnerability discovered in Firefox versions prior to 110, disclosed in February 2023. The vulnerability stems from URL previews in the network panel of developer tools improperly storing URLs, where query parameters could potentially be used to overwrite global objects in privileged code (Mozilla Advisory, NVD).

The vulnerability occurs when the network panel's URL preview functionality processes query parameters containing 'proto', which could lead to prototype pollution in privileged code. The issue was discovered during a CTF challenge and affects the Developer Tools' Network panel. The vulnerability has a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (NVD).

When exploited, the vulnerability could cause the Network panel to crash and potentially allow manipulation of global objects in privileged code. The impact was classified as 'low' by Mozilla, though the CVSS score suggests potentially higher severity if successfully exploited (Mozilla Advisory).

The vulnerability was fixed in Firefox version 110. The fix involved making the object used to consolidate the URL query a simple dictionary by removing the prototype chain, preventing the prototype pollution issue. Users are advised to upgrade to Firefox version 110 or later (Mozilla Advisory).