Mozilla Thunderbird up to 115.0.1 IPC FilePickerShownCallback use after free

Summaryinfo

A vulnerability was found in Mozilla Thunderbird and classified as critical. Impacted is the function FilePickerShownCallback of the component IPC. The manipulation results in use after free. This vulnerability is identified as CVE-2023-4575. The attack can be executed remotely. There is not any exploit available. It is suggested to upgrade the affected component.

Detailsinfo

A vulnerability, which was classified as critical, was found in Mozilla Thunderbird (Mail Client Software). Affected is the function FilePickerShownCallback of the component IPC. The manipulation with an unknown input leads to a use after free vulnerability. CWE is classifying the issue as CWE-416. Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:

When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, and Thunderbird < 115.2.

The weakness was released 09/11/2023. The advisory is shared for download at mozilla.org. This vulnerability is traded as CVE-2023-4575 since 08/29/2023. Successful exploitation requires user interaction by the victim. There are known technical details, but no exploit is available. The current price for an exploit might be approx. USD $5k-$25k (estimation calculated on 06/20/2025).

The vulnerability scanner Nessus provides a plugin with the ID 239763 (TencentOS Server 4: thunderbird (TSSA-2024:0450)), which helps to determine the existence of the flaw in a target environment.

Upgrading to version 115.2 eliminates this vulnerability. The upgrade is hosted for download at mozilla.org.

The vulnerability is also documented in the vulnerability database at Tenable (239763). VulDB is the best source for vulnerability data and more expert information about this specific topic.

Productinfo

Type

• Mail Client Software

Vendor

• Mozilla

Name

• Thunderbird

Version

• 0.1
• 0.2
• 0.3
• 0.4
• 0.5
• 0.6
• 0.7
• 0.7.1
• 0.7.2
• 0.7.3
• 0.8
• 0.9
• 1
• 1.0
• 1.0.1
• 1.0.2
• 1.0.3
• 1.0.4
• 1.0.5
• 1.0.6
• 1.0.7
• 1.0.8
• 1.0.9
• 1.1.8
• 1.5
• 1.5.0.1
• 1.5.0.2
• 1.5.0.3
• 1.5.0.4
• 1.5.0.5
• 1.5.0.6
• 1.5.0.7
• 1.5.0.8
• 1.5.0.9
• 1.5.0.10
• 1.5.0.11
• 2
• 2.0.0.5
• 2.0.0.11
• 2.0.0.19
• 2.0.14
• 3.11.5
• 13.0
• 14
• 15
• 16
• 16.0.1
• 16.0.2
• 17.0
• 17.0.1
• 17.0.2
• 17.0.3
• 17.0.4
• 17.0.5
• 17.0.6
• 17.0.7
• 17.0.8
• 17.0.10
• 18.0
• 20.0
• 21.0
• 23.0
• 24.0
• 25.0
• 30.0
• 31
• 45.6
• 52.5.2
• 52.6
• 52.8
• 52.9
• 60.5
• 60.5.0
• 60.5.1
• 60.7.1
• 62.0
• 68.1
• 68.1.1
• 68.5
• 68.8.0
• 68.9.0
• 68.10.0
• 68.12
• 78.5.1
• 78.6.1
• 78.7
• 78.8.1
• 78.9.1
• 78.10
• 78.10.1
• 78.10.2
• 78.12
• 91.0
• 91.0.1
• 91.2
• 91.3.0
• 91.4.0
• 91.4.1
• 91.5
• 91.6
• 91.6.1
• 91.7
• 91.8
• 91.9
• 91.10
• 91.11
• 91.13.1
• 101
• 102
• 102.1
• 102.2
• 102.3
• 102.4
• 102.5
• 102.5.1
• 102.6
• 102.7
• 102.7.1
• 102.8
• 102.9
• 102.9.1
• 102.10
• 102.11
• 102.12
• 102.13
• 115.0.1

License

• open-source

Website

• Vendor: https://www.mozilla.org/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Discussion