Impact
The vulnerability is a memory safety defect that can corrupt process memory. The CVE entry does not specify exact consequences, but memory corruption can lead to program crashes, data loss, or loss of integrity if exploited. The fault is categorized under CWE‑119 and CWE‑825, indicating a buffer over‑read/over‑write weakness and improper handling of memory management.
Affected Systems
All Mozilla Firefox releases older than version 152, including the ESR 140.12 line, and all Mozilla Thunderbird releases older than version 152, including the ESR 140.12 line, are vulnerable. Any earlier releases prior to these specific versions are affected.
Risk and Exploitability
The CVSS score of 7.5 indicates a high severity vulnerability, while an EPSS score of less than 1 percent suggests that an exploit is unlikely at present. The vulnerability is not listed in the CISA KEV catalog. The exact attack vector is not provided; based on typical memory safety bugs, the likely route involves an attacker delivering malicious content or code that triggers the defect in the client applications.
OpenCVE Enrichment
Debian DLA
Debian DSA