Impact
The vulnerability is an elevation of privilege flaw in the Graphics: WebRender component that can allow a local attacker to gain higher privileges on a system. The flaw is identified by CWE-266 and CWE-269. The formal description states that the issue was fixed in recent releases of the affected products.
Affected Systems
Affected products include Mozilla Firefox and Mozilla Thunderbird, both for standard and ESR releases. The known fixed versions are Firefox 152, Firefox ESR 140.12 and 115.37, and Thunderbird 152 and 140.12. Systems running older versions of either browser are susceptible.
Risk and Exploitability
The CVSS score of 8.8 indicates high severity, while the EPSS score of less than 1% suggests a currently low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog, so there are no confirmed exploits reported in the public domain. The likely attack vector is inferred to be local, as the flaw involves privilege escalation within the application process. Due to the high severity, it is prudent to assume that a determined attacker could leverage this flaw if the application is running with user‑level privileges and the attacker can induce the vulnerability through crafted content or input.
OpenCVE Enrichment
Debian DLA
Debian DSA