CVE-2023-6872: 
NixOS vulnerability analysis and mitigation

CVE-2023-6872 is a privacy-related vulnerability discovered in Firefox versions prior to 121.0. The vulnerability was identified where browser tab titles were being leaked by GNOME to system logs, potentially exposing users' browsing habits, particularly concerning for those using private browsing mode. The issue was disclosed on December 19, 2023, and affected Firefox versions below 121.0 (Mozilla Advisory, NVD).

The vulnerability stems from GNOME's system logging behavior where browser tab titles were being recorded in system logs such as /var/log/syslog. This occurred when users accessed the GNOME activities menu, causing the window titles, including private browsing sessions, to be logged. The issue has been assigned a CVSS v3.1 base score of 6.5 (Medium), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N, indicating network accessibility with required user interaction (NVD).

The primary impact of this vulnerability is the potential exposure of users' browsing history through system logs. This is particularly concerning for users who expect their private browsing activities to remain confidential, as the logged information could reveal their browsing habits even after closing the browser. The issue affects privacy-conscious users, especially those using tools like Tor Browser, where maintaining browsing privacy is crucial (Mozilla Bug).

The vulnerability has been fixed in Firefox version 121.0. Users are advised to upgrade to this version or later to prevent browser tab titles from being leaked to system logs. The fix includes the addition of a preference to control whether content titles are exposed in window titles (Gentoo Advisory).