CVE-2023-4575: 
NixOS vulnerability analysis and mitigation

CVE-2023-4575 is a high-severity vulnerability discovered in Mozilla Firefox and Thunderbird that affects their file picker functionality. The vulnerability was disclosed on August 29, 2023, and affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2. The issue involves a use-after-free vulnerability in the FilePickerShownCallback functionality that could potentially lead to exploitable crashes (Mozilla Advisory).

The vulnerability occurs when creating a callback over IPC (Inter-Process Communication) for showing the File Picker window. Multiple callbacks could be created simultaneously and all be destroyed as soon as one of the callbacks finished, leading to a use-after-free condition. The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H, indicating network vector attack with low complexity but requiring user interaction (NVD).

The vulnerability could lead to a potentially exploitable crash in the browser, which might allow an attacker to execute arbitrary code. The impact is considered high as it could potentially enable a sandbox escape if combined with other vulnerabilities. Multiple callbacks being destroyed simultaneously could compromise the stability and security of the application (Mozilla Advisory).

The vulnerability has been fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2. Users are advised to update to these versions or later to mitigate the vulnerability. The fix involved making IORunnable::mFilePickerParent into a RefPtr to prevent the use-after-free condition (Mozilla Advisory).