Impact
The CVE describes a memory safety flaw—categorized as CWE‑119—that existed in multiple Mozilla products, including Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12. The defect was explicitly fixed in those versions. Although the advisory does not enumerate the precise exploitation consequences, memory-safety bugs generally stem from unsafe memory handling that can cause crashes, data corruption, or arbitrary code execution when triggered by malicious content.
Affected Systems
Mozilla Firefox (versions 152 and Firefox ESR 140.12) and Mozilla Thunderbird (versions 152 and 140.12) are impacted. Users running older releases of either browser or mail client have not received the patch and remain vulnerable.
Risk and Exploitability
The CVSS score of 5.3 indicates a moderate severity impact. The EPSS score of less than 1 % suggests that, as of the latest data, the probability of exploitation in the wild is low. The vulnerability is not listed in the CISA KEV catalog, further indicating limited real-world exploitation. The absence of an explicit attack vector in the description leaves the exact method of exploitation unclear; however, memory‑corruption flaws are typically exploited through crafted data or content processed by the affected application, potentially requiring local or remote user interaction. Given the moderate CVSS and low EPSS, organizations may treat this as a low‑to‑moderate priority issue pending application of the available patches.
OpenCVE Enrichment
Debian DLA
Debian DSA