Impact
This vulnerability is a memory safety bug that could lead to a program crash. The weakness is classified as CWE-119, which involves buffer incorrectly bounded operations. The CVSS score of 5.3 reflects a moderate severity, indicating that while the bug is notable, it is not assessed as a high‑impact remote exploitation vector in the current data.
Affected Systems
All installations of Mozilla Firefox and Mozilla Thunderbird earlier than version 152 are vulnerable. The issue was addressed in Firefox 152 and Thunderbird 152, so users running those or newer releases are not affected. No other vendors or versions are reported as impacted.
Risk and Exploitability
The EPSS score is below 1%, showing a very low likelihood of exploitation at the time of the assessment, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is not explicitly documented; based on the description it is inferred that an attacker could trigger the issue by providing crafted input to the application, though the precise path is not detailed in the available references. The CVSS base score indicates that an exploit would result in system instability rather than full code execution.
OpenCVE Enrichment