Impact
The updated CVE description confirms a memory safety vulnerability involving improper handling of buffer bounds checks. Prior to version 152, Firefox and Thunderbird could allow an attacker to read or write outside intended memory areas, which may lead to application crashes, denial of service, or possibly the execution of arbitrary code, thereby compromising data integrity. This issue is consistent with the CWE‑119 classification of buffer overflows or underflows, and also aligns with CWE‑131, which denotes incorrect computation of buffer sizes due to improper buffer size handling.
Affected Systems
Mozilla Firefox and Mozilla Thunderbird are affected. Versions prior to 152 contain the flaw. The issue was fixed in Firefox 152 and Thunderbird 152, so any installation running an earlier release is potentially impacted.
Risk and Exploitability
The CVSS score of 5.3 indicates moderate severity. The EPSS score is less than 1%, suggesting a low probability of exploitation in the wild. The vulnerability is not listed in CISA KEV. The likely attack vector is local; an attacker would need to run code within the user's context to trigger the memory error. No public exploit has been reported, but the moderate CVSS combined with low EPSS still warrants patching to prevent potential crashes or malicious execution.
OpenCVE Enrichment