Impact
The vulnerability is a memory safety bug affecting Mozilla Firefox and Thunderbird, as identified by the vendor advisories. It is classified by the CVE as CWE‑119 and CWE‑825, which implies heap or stack corruption and potential memory leaks. The flaw could corrupt application memory if triggered, though the advisories do not indicate denial of service or code execution consequences. No specific trigger conditions or attack vector are provided in the description.
Affected Systems
All Mozilla Firefox versions older than 152 and Firefox ESR versions older than 140.12, as well as all Mozilla Thunderbird versions older than 152 and Thunderbird ESR versions older than 140.12, are potentially affected, according to the vendor advisory.
Risk and Exploitability
The CVSS score is 6.5, placing the vulnerability in the medium severity range. The EPSS score is reported as less than 1 %, indicating a low probability of exploitation at present. The vulnerability is not listed in CISA’s KEV catalog. An explicit attack vector is not disclosed in the description, so the exact conditions to trigger the flaw remain unspecified.
OpenCVE Enrichment
Debian DLA
Debian DSA