CVE-2023-4574: 
NixOS vulnerability analysis and mitigation

CVE-2023-4574 is a high-severity use-after-free vulnerability discovered in Mozilla Firefox and Thunderbird. The vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2. The issue was discovered by security researcher sonakkbi and disclosed in August 2023 (Mozilla Advisory).

The vulnerability occurs when creating a callback over IPC (Inter-Process Communication) for showing the Color Picker window. Multiple identical callbacks could be created simultaneously and all would be destroyed as soon as one of the callbacks finished, leading to a use-after-free condition. This could potentially result in an exploitable crash. The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (Medium) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H (NVD).

The vulnerability could lead to a potentially exploitable crash due to use-after-free memory corruption. If successfully exploited, this could result in arbitrary code execution within the context of the affected application. The issue is particularly concerning as it affects both Firefox and Thunderbird across multiple versions (Mozilla Advisory).

The vulnerability has been fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2. Users are strongly advised to update to these or later versions to mitigate the risk. The fix involves making ColorPickerShownCallback::mCallback into a RefPtr to prevent the use-after-free condition (Mozilla Bug).