Impact
A memory safety bug identified in Mozilla Firefox and Thunderbird can cause unpredictable behavior or a crash. The weakness involves an insecure memory operation, classified as a buffer overflow (CWE‑119) or an improper storage of sensitive information (CWE‑825). The official description confirms that the issue has been fixed in version 152 of both browsers and in ESR 140.12. While the exact impact on confidentiality, integrity or availability is not explicitly detailed, a vulnerable instance could potentially be exploited to terminate the program or, in a more severe scenario, to execute arbitrary code if the overflow is triggered in a context that allows code execution.
Affected Systems
Mozilla Firefox and Mozilla Thunderbird are affected. For Firefox the fix is available in version 152 and in the ESR branch at 140.12. Thunderbird receives its mitigation in releases 152 and 140.12. No other browsers or products are listed as impacted.
Risk and Exploitability
The CVSS score of 5.3 suggests a medium severity. The EPSS score of less than 1% indicates a very low probability of exploitation, and the vulnerability is not listed in CISA’s KEV catalog. The likely attack vector is inferred to be local or requires a crafted input, as the vulnerability is a memory safety issue. With no known exploitation reports, the overall risk is moderate to low for most environments, yet users should still apply the fix to prevent potential exploitation.
OpenCVE Enrichment
Debian DLA
Debian DSA