CVE-2023-5728 - Garbage Collection Vulnerability in Firefox and Thunderbird Leads to Potentially Exploitable Crash

A recently disclosed vulnerability, tracked as CVE-2023-5728, affects popular web browser Firefox, Firefox Extended Support Release (ESR), and email client Thunderbird. The vulnerability is a result of additional operations being performed on objects during garbage collection when they shouldn't be, leading to a potentially exploitable crash.

This blog post will discuss the details of this vulnerability, provide a code snippet illustrating the issue, and link to relevant references and resources for further information.

Thunderbird versions before 115.4.1

Users are strongly advised to update their software to the latest versions to mitigate the risk posed by this vulnerability.

Exploit Details

During garbage collection – a crucial process in memory management that frees up space occupied by objects no longer in use – extra operations were mistakenly performed on certain objects. This issue arises when a particular object is not properly marked for garbage collection, resulting in additional unintended operations. The outcome could be a potentially exploitable crash, as demonstrated in the following code snippet:

function vulnerableFunction() {
  let obj = {};
  let weakRef = new WeakRef(obj);

  // ... Some code ...

  // obj is not marked for garbage collection, yet extra operations are performed on it
  obj = null;
  performGarbageCollection();

  let recoveredObj = weakRef.deref();
  if (recoveredObj) {
    // Extra operations unintentionally performed on recoveredObj
  } else {
    console.log('Object was garbage collected');
  }
}

In the code snippet above, the obj variable is assigned to null – therefore, it should be marked for garbage collection. However, the garbage collection process inadvertently carries out additional operations on the object.

For more details on this vulnerability, refer to the following resources

- Mozilla Security Advisory
- National Vulnerability Database (NVD) Entry
- Common Vulnerabilities and Exposures (CVE) Record

Mitigation

To protect against this vulnerability, users should update Firefox, Firefox ESR, and Thunderbird to the latest versions, which address the issue. The latest versions are as follows:

Up-to-date software can be downloaded from the following links

- Firefox Download Page
- Firefox ESR Download Page
- Thunderbird Download Page

Conclusion

CVE-2023-5728 is a critical vulnerability affecting Firefox, Firefox ESR, and Thunderbird. It arises due to extra operations being performed on objects during garbage collection when they shouldn't be, leading to a potentially exploitable crash. The best course of action for users is to update their software to the latest versions, thereby ensuring their systems remain secure and free from potential exploitation.

Timeline

Published on: 10/25/2023 18:17:44 UTC
Last modified on: 11/02/2023 20:12:56 UTC