CVE-2023-25747: 
NixOS vulnerability analysis and mitigation

CVE-2023-25747 is a high-severity use-after-free vulnerability discovered in Firefox for Android's libaudio component. The vulnerability was identified by Chris Peterson and affects Firefox for Android versions below 110.1.0, specifically when running on Android API versions below 30. This security issue is exclusive to Firefox for Android, with other Firefox versions remaining unaffected (Mozilla Advisory).

The vulnerability is characterized as a use-after-free issue in the libaudio component, specifically related to the AAudio backend functionality. It received a CVSS v3.1 base score of 7.5 (High), with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The issue was identified in the soundtouch::TDStretch::seekBestOverlapPositionFull function (NVD).

The vulnerability poses a high-severity risk to affected systems, primarily impacting the availability of the application. The CVSS scoring indicates that while there is no impact on confidentiality or integrity, the vulnerability can significantly affect system availability (NVD).

Mozilla addressed this vulnerability by disabling the AAudio backend when running on Android API versions below 30. The fix was implemented in Firefox for Android version 110.1.0, released on February 28, 2023. Users are advised to update to this version or later to mitigate the vulnerability (Mozilla Advisory).