CVE-2023-4580 in Thunderbird

Summary

by MITRE • 09/11/2023

Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.


Analysis

by VulDB Data Team • 06/20/2025

This vulnerability represents a critical security flaw in Mozilla Firefox and Thunderbird applications where push notifications stored on disk in private browsing mode lacked proper encryption mechanisms. The issue stems from the improper handling of sensitive data persistence during private browsing sessions, creating a potential information disclosure risk that could compromise user privacy and confidentiality. The vulnerability specifically impacts versions prior to Firefox 117 and Firefox ESR 115.2, as well as Thunderbird versions before 115.2, indicating a widespread concern across multiple Mozilla products that rely on similar notification storage mechanisms.

The technical implementation flaw occurs when the browser stores push notification data in an unencrypted format on the local filesystem while users are engaged in private browsing sessions. This design oversight allows malicious actors or compromised system components to access stored notification data without requiring authentication or decryption keys. The vulnerability manifests as a failure to implement proper encryption at rest for sensitive user data, which violates fundamental security principles for protecting privacy-sensitive information. According to CWE classification, this represents a weakness in the protection of stored data, specifically categorized under CWE-311, which deals with missing encryption of sensitive data.

The operational impact of this vulnerability extends beyond simple data exposure, as it undermines the core privacy guarantees that private browsing mode is designed to provide. Users engaging in private browsing sessions may unknowingly leave sensitive information accessible to unauthorized parties through the stored notification data. This creates a significant risk for users handling confidential communications, personal information, or business-sensitive data through the affected applications. The vulnerability aligns with ATT&CK technique T1531, which involves modification of utilities or systems to gain access to sensitive information, as the flaw enables unauthorized access to previously protected notification data through filesystem inspection.

Organizations and individual users should immediately upgrade to the patched versions of Firefox, Firefox ESR, and Thunderbird to remediate this vulnerability. System administrators should conduct comprehensive vulnerability assessments to identify any potentially compromised systems where affected versions may be in use. Additional mitigations include implementing strict access controls on user directories, monitoring for unauthorized filesystem access patterns, and ensuring proper security configurations for notification storage mechanisms. The vulnerability highlights the importance of encryption at rest for all sensitive data, particularly in privacy-focused browsing contexts, and underscores the need for thorough security testing of privacy-related features to prevent such information disclosure scenarios.

Reservation: 08/29/2023

Disclosure: 09/11/2023

Moderation: accepted

Entry: 2

CPE: ready

EPSS: 0.00361

KEV: no

Activities: very low
