Bug 2162338 (CVE-2023-23598) - CVE-2023-23598 Mozilla: Arbitrary file read from GTK drag and drop on Linux
Summary: CVE-2023-23598 Mozilla: Arbitrary file read from GTK drag and drop on Linux
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2023-23598
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2158855 (Embargoed), 2158856, 2158857, 2158858, 2158859, 2158860, 2158861, 2158862, 2158863, 2158864, 2158865, 2158866 (Embargoed), 2158867, 2158868 (Embargoed), 2158872, 2158873, 2158874, 2158875, 2158876, 2158877, 2158878, 2158879, 2158880, 2158881, 2158883
Blocks: 2158844 (Embargoed)
Reported: 2023-01-19 11:35 UTC by Dhananjay Arunesh
Modified: 2023-01-29 04:52 UTC
CC List: 5 users

Fixed In Version: firefox 102.7, thunderbird 102.7
Doc Type: ---
Doc Text:
The Mozilla Foundation Security Advisory describes this flaw as: Due to the Firefox GTK wrapper code's use of text/plain for drag data, and GTK treating all text/plain MIMEs containing file URLs as files being dragged, a website could arbitrarily read a file via a call to `DataTransfer.setData`.
Clone Of:
Environment:
Last Closed: 2023-01-29 04:52:12 UTC

Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2023:0285 0 None None None 2023-01-23 09:18:24 UTC
Red Hat Product Errata RHSA-2023:0286 0 None None None 2023-01-23 09:18:50 UTC
Red Hat Product Errata RHSA-2023:0288 0 None None None 2023-01-23 09:19:36 UTC
Red Hat Product Errata RHSA-2023:0289 0 None None None 2023-01-23 09:20:25 UTC
Red Hat Product Errata RHSA-2023:0290 0 None None None 2023-01-23 09:20:05 UTC
Red Hat Product Errata RHSA-2023:0294 0 None None None 2023-01-23 09:21:30 UTC
Red Hat Product Errata RHSA-2023:0295 0 None None None 2023-01-23 09:22:12 UTC
Red Hat Product Errata RHSA-2023:0296 0 None None None 2023-01-23 09:22:23 UTC
Red Hat Product Errata RHSA-2023:0456 0 None None None 2023-01-25 15:25:20 UTC
Red Hat Product Errata RHSA-2023:0457 0 None None None 2023-01-25 15:15:50 UTC
Red Hat Product Errata RHSA-2023:0459 0 None None None 2023-01-25 15:17:39 UTC
Red Hat Product Errata RHSA-2023:0460 0 None None None 2023-01-25 15:25:08 UTC
Red Hat Product Errata RHSA-2023:0461 0 None None None 2023-01-25 15:24:41 UTC
Red Hat Product Errata RHSA-2023:0462 0 None None None 2023-01-25 15:28:20 UTC
Red Hat Product Errata RHSA-2023:0463 0 None None None 2023-01-25 15:29:12 UTC
Red Hat Product Errata RHSA-2023:0476 0 None None None 2023-01-26 17:15:42 UTC

Description Dhananjay Arunesh 2023-01-19 11:35:20 UTC
Due to the Firefox GTK wrapper code's use of text/plain for drag data, and GTK treating all text/plain MIMEs containing file URLs as files being dragged, a website could arbitrarily read a file via a call to `DataTransfer.setData`.

External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-02/#CVE-2023-23598

Comment 1 errata-xmlrpc 2023-01-23 09:18:22 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:0285 https://access.redhat.com/errata/RHSA-2023:0285

Comment 2 errata-xmlrpc 2023-01-23 09:18:49 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:0286 https://access.redhat.com/errata/RHSA-2023:0286

Comment 3 errata-xmlrpc 2023-01-23 09:19:34 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:0288 https://access.redhat.com/errata/RHSA-2023:0288

Comment 4 errata-xmlrpc 2023-01-23 09:20:03 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:0290 https://access.redhat.com/errata/RHSA-2023:0290

Comment 5 errata-xmlrpc 2023-01-23 09:20:23 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:0289 https://access.redhat.com/errata/RHSA-2023:0289

Comment 6 errata-xmlrpc 2023-01-23 09:21:28 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:0294 https://access.redhat.com/errata/RHSA-2023:0294

Comment 7 errata-xmlrpc 2023-01-23 09:22:10 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2023:0295 https://access.redhat.com/errata/RHSA-2023:0295

Comment 8 errata-xmlrpc 2023-01-23 09:22:22 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:0296 https://access.redhat.com/errata/RHSA-2023:0296

Comment 9 errata-xmlrpc 2023-01-25 15:15:49 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:0457 https://access.redhat.com/errata/RHSA-2023:0457

Comment 10 errata-xmlrpc 2023-01-25 15:17:37 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:0459 https://access.redhat.com/errata/RHSA-2023:0459

Comment 11 errata-xmlrpc 2023-01-25 15:24:40 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:0461 https://access.redhat.com/errata/RHSA-2023:0461

Comment 12 errata-xmlrpc 2023-01-25 15:25:06 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2023:0460 https://access.redhat.com/errata/RHSA-2023:0460

Comment 13 errata-xmlrpc 2023-01-25 15:25:19 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:0456 https://access.redhat.com/errata/RHSA-2023:0456

Comment 14 errata-xmlrpc 2023-01-25 15:28:19 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:0462 https://access.redhat.com/errata/RHSA-2023:0462

Comment 15 errata-xmlrpc 2023-01-25 15:29:10 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:0463 https://access.redhat.com/errata/RHSA-2023:0463

Comment 16 errata-xmlrpc 2023-01-26 17:15:40 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:0476 https://access.redhat.com/errata/RHSA-2023:0476

Comment 17 Product Security DevOps Team 2023-01-29 04:52:10 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2023-23598
