Impact
This vulnerability allows an attacker to read data that should not be exposed by exploiting incorrect boundary checks in the Graphics: WebGPU component. The flaw is an out‑of‑bounds read (CWE‑125), which can expose sensitive information stored in memory buffers, potentially revealing private data such as credentials or local content. Because the flaw is an information disclosure that does not provide direct code execution or privilege escalation, the primary risk is the inadvertent leakage of user data to the attacker.
Affected Systems
The affected products are Mozilla Firefox and Mozilla Thunderbird. The issue was addressed in Firefox 152 and Thunderbird 152, meaning any versions prior to 152 are vulnerable.
Risk and Exploitability
The CVSS score of 4.3 indicates a low‑to‑moderate severity. The EPSS score of less than 1% suggests that exploitation is unlikely at the moment, and the vulnerability is not listed in CISA’s KEV catalog. The most plausible attack vector is via a malicious site or user manipulating WebGPU APIs to trigger the boundary error, but detailed exploitation conditions are not specified in the advisory. Given the limited exploitability and information‑only impact, the risk to a well‑patched environment is low, though the threat of data leakage remains if the software is outdated.
OpenCVE Enrichment