VYPR
Medium severity6.5NVD Advisory· Published Jun 2, 2023· Updated Jun 17, 2026

CVE-2023-23598

CVE-2023-23598

Description

Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged a website could arbitrarily read a file via a call to DataTransfer.setData. This vulnerability affects Firefox < 109, Firefox ESR < 102.7, and Thunderbird < 102.7.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

38

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.