CVE-2023-4053: 
NixOS vulnerability analysis and mitigation

CVE-2023-4053 is a security vulnerability discovered in Mozilla Firefox that affects versions prior to Firefox 116, Firefox ESR < 115.2, and Thunderbird < 115.2. The vulnerability was disclosed on August 1, 2023. The issue involves a website's ability to obscure the full screen notification by using a URL with a scheme handled by an external program, such as a mailto URL (Mozilla Advisory).

The vulnerability is classified with a CVSS v3.1 base score of 6.5 (Medium), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N. The issue stems from improper handling of window focus and activation states when transitioning to fullscreen mode while external programs are launched. The vulnerability is related to the CWE-59 category (Improper Link Resolution Before File Access) (NVD).

The vulnerability could lead to user confusion and possible spoofing attacks. When exploited, an attacker could obscure the fullscreen notification, potentially misleading users about the current state of their browser and creating opportunities for social engineering attacks (Mozilla Advisory).

The vulnerability has been fixed in Firefox 116, Firefox ESR 115.2, and Thunderbird 115.2. Users are advised to update their browsers to these versions or later to mitigate the risk. The fix involves improving the handling of window focus and activation states when external programs are launched during fullscreen transitions (Mozilla Advisory).