CVE-2023-23598 is a security vulnerability identified in Mozilla Firefox (versions prior to 109), Firefox ESR (versions prior to 102.7), and Thunderbird (versions prior to 102.7). The root cause lies in the GTK wrapper code used by Firefox and Thunderbird on Linux platforms, which handles drag-and-drop data using the text/plain MIME type. GTK treats all text/plain MIME data containing file URLs as if they are legitimate drag operations involving files. This behavior can be exploited by a malicious website to invoke the DataTransfer.setData method with crafted text/plain data containing file URLs, tricking the browser into exposing local file contents to the website. Essentially, this bypasses normal security boundaries by leveraging GTK's interpretation of drag data, enabling arbitrary local file reading without user interaction or authentication. The vulnerability affects users on Linux systems where GTK is the underlying graphical toolkit. Although no public exploits have been reported, the flaw represents a significant privacy risk as attackers can silently exfiltrate sensitive local files. The vulnerability was reserved in January 2023 and published in June 2023, but no CVSS score has been assigned yet. The issue is mitigated by upgrading to Firefox 109 or Thunderbird 102.7 or later, where the GTK drag-and-drop handling has been corrected to prevent this misuse.

For European organizations, this vulnerability poses a significant risk to confidentiality, especially for entities handling sensitive or regulated data such as financial institutions, healthcare providers, and government agencies. Since Firefox and Thunderbird are widely used across Europe, particularly in Linux environments, the potential for unauthorized local file disclosure is considerable. Attackers can exploit this vulnerability remotely via malicious websites without requiring user authentication or interaction beyond visiting a webpage, increasing the attack surface. The exposure of local files could lead to leakage of credentials, internal documents, or personally identifiable information, potentially resulting in regulatory non-compliance under GDPR and reputational damage. The absence of known exploits reduces immediate risk, but the ease of exploitation and the widespread use of affected software versions necessitate prompt remediation. The impact on integrity and availability is minimal, but confidentiality breaches alone justify urgent attention.

European organizations should prioritize upgrading all affected Firefox and Thunderbird installations to versions 109 and 102.7 respectively or later, where the vulnerability has been patched. For Linux environments, ensure that GTK libraries are also updated to the latest stable versions to avoid related issues. Implement network-level protections such as web filtering to block access to untrusted or malicious websites that could exploit this vulnerability. Employ endpoint detection and response (EDR) solutions capable of monitoring unusual browser behaviors, including unexpected file access or data exfiltration attempts. Educate users about the risks of visiting untrusted websites and the importance of keeping software up to date. For environments where immediate patching is not feasible, consider restricting browser usage to trusted internal sites or deploying application sandboxing to limit file system access. Regularly audit browser versions and configurations across the organization to ensure compliance with security policies.