Skip to main content

Mondoo

Vulnerability Management
Technology
Services

Solutions

Financial Services
Manufacturing
Healthcare

Resources

Blog
Vulnerability Database
Documentation
GitHub

Company

About
Careers
Partners
Contact

Legal

Privacy
Terms
Imprint

© 2026 Mondoo, Inc.

Log in Get Assessment

Vulnerability IntelligenceUBUNTU-CVE-2023-23598

UBUNTU-CVE-2023-23598

MEDIUM6.5

Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged a website could arbitrarily read a file via a call to

Published Jan 18, 2023

Modified 3 months ago

Fix available

Details

Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged a website could arbitrarily read a file via a call to DataTransfer.setData. This vulnerability affects Firefox < 109, Firefox ESR < 102.7, and Thunderbird < 102.7.

Affected Packages(11 packages)

firefox

Ubuntu 18.04 LTS

Fixed in:

109.0+build2-0ubuntu0.18.04.1

mozjs38

Ubuntu 18.04 LTS

Affected versions:

38.8.0~repack1-0ubuntu138.8.0~repack1-0ubuntu338.8.0~repack1-0ubuntu4

mozjs52

Ubuntu 18.04 LTS

Affected versions:

52.3.1-0ubuntu352.3.1-7fakesync152.8.1-0ubuntu0.18.04.152.9.1-0ubuntu0.18.04.1

thunderbird

Ubuntu 18.04 LTS

Fixed in:

1:102.7.1+build2-0ubuntu0.18.04.1

firefox

Ubuntu 20.04 LTS

Fixed in:

109.0+build2-0ubuntu0.20.04.1

mozjs52

Ubuntu 20.04 LTS

Affected versions:

52.9.1-1build152.9.1-1ubuntu3

mozjs68

Ubuntu 20.04 LTS

Affected versions:

68.5.0-1~fakesync68.5.0-2~fakesync68.6.0-168.6.0-1ubuntu1

thunderbird

Ubuntu 20.04 LTS

Fixed in:

1:102.7.1+build2-0ubuntu0.20.04.1

mozjs78

Ubuntu 22.04 LTS

Affected versions:

78.13.0-178.15.0-278.15.0-4ubuntu1

mozjs91

Ubuntu 22.04 LTS

Affected versions:

91.10.0-0ubuntu191.5.1-0ubuntu191.6.0-191.6.0-291.7.0-2

References

https://ubuntu.com/security/CVE-2023-23598

https://ubuntu.com/security/notices/USN-5816-1

https://ubuntu.com/security/notices/USN-5824-1

https://www.cve.org/CVERecord?id=CVE-2023-23598

https://www.mozilla.org/en-US/security/advisories/mfsa2023-01/#CVE-2023-23598

https://www.mozilla.org/en-US/security/advisories/mfsa2023-02/#CVE-2023-23598

CVSS Analysis

CVSS v3.1

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

RequiredUI:R

Scope

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

NoneI:N

Availability

NoneA:N

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Upstream

Related

USN-5816-1 USN-5824-1

Ecosystems

Ubuntu 18.04 LTS Ubuntu 20.04 LTS Ubuntu 22.04 LTS

Timeline

PublishedJan 18, 2023

ModifiedDec 26, 2025

UBUNTU-CVE-2023-23598 | Mondoo Vulnerability Intelligence