CVE-2023-25735: 
NixOS vulnerability analysis and mitigation

CVE-2023-25735 is a high-severity vulnerability discovered in Mozilla Firefox, Firefox ESR, and Thunderbird that affects versions prior to Firefox 110, Firefox ESR 102.8, and Thunderbird 102.8. The vulnerability was identified by security researcher Samuel Groß and involves cross-compartment wrappers wrapping a scripted proxy that could cause objects from other compartments to be stored in the main compartment, resulting in a use-after-free condition after unwrapping the proxy (Mozilla Advisory).

The vulnerability stems from a compartment mismatch in SpiderMonkey, Mozilla's JavaScript engine. When a cross-compartment wrapper wraps a scripted proxy, objects from different compartments could be incorrectly stored in the main compartment. This occurs specifically when handling error.stack and proxies, where unwrapping a CCW (Cross-Compartment Wrapper) containing a scripted proxy leads to improper compartment handling. The issue has a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (NVD).

The vulnerability could potentially lead to use-after-free conditions, which typically allow attackers to execute arbitrary code or cause program crashes. The high CVSS score indicates that successful exploitation could result in significant impacts on confidentiality, integrity, and availability of the affected systems (Mozilla Advisory).

The vulnerability has been patched in Firefox 110, Firefox ESR 102.8, and Thunderbird 102.8. Users are advised to update to these versions or later to mitigate the risk. The fix involved refactoring the FindErrorInstanceOrPrototype function to prevent calling GetPrototype on unwrapped CCWs (Mozilla Advisory).