Impact
This vulnerability is a memory safety flaw that permits unsafe memory accesses, including buffer overruns and out‑of‑bounds reads or writes as classified by CWE‑119 and CWE‑787. The official description does not mention remote code execution or privilege escalation; the impact is therefore limited to application crashes, memory corruption, or localized compromise.
Affected Systems
Mozilla Firefox versions older than 152 and any ESR build older than 140.12 are vulnerable, as are Thunderbird releases before 152 and Thunderbird ESR editions older than 140.12 where the fix has not yet been applied.
Risk and Exploitability
The CVSS score of 5.3 indicates moderate severity, while the EPSS score of less than 1% indicates a very low likelihood of active exploitation. The vulnerability is not listed in CISA’s KEV catalog. Based on the description and lack of stated exploitation vector, it is inferred that the attack vector is likely local code execution or requires elevated privileges, and remote exploitation is unlikely without additional vulnerabilities.
OpenCVE Enrichment
Debian DLA
Debian DSA