Impact
A memory safety flaw in Mozilla Firefox and Thunderbird can corrupt internal data structures. The defect may lead to unintended overwrites or reads of memory, but the official description does not confirm whether such corruption would trigger a crash, denial of service, or code execution. The weakness is classified under buffer overrun and out‑of‑bounds write categories.
Affected Systems
Versions of Firefox older than 152 and Firefox ESR 140.12, as well as Thunderbird versions older than 152 and Thunderbird ESR 140.12, contain the vulnerable code. Any installation running those releases without the fix is at risk.
Risk and Exploitability
The CVSS score of 7.5 places this issue in the high severity range, indicating a potentially serious impact if memory corruption can be leveraged. The EPSS score of less than 1% and its absence from the CISA KEV catalog suggest that public exploitation is currently uncommon. No publicly documented exploits have been announced, and the official description does not specify a clear remote or local attack path, leaving the precise context of exploitation unclear.
OpenCVE Enrichment
Debian DLA
Debian DSA