Impact
The vulnerability is a memory safety fault that can trigger buffer overflow, out‑of‑bounds read, use‑after‑free, or arbitrary write operations, as indicated by the listed CWEs. The defect was present in older versions of Firefox and Thunderbird prior to the 152 and 140.12 releases. The type of defect suggests that an attacker who successfully exploits it could potentially gain unintended control over the affected application, a scenario that is inferred from the nature of memory safety bugs. The CVSS score of 7.5 indicates that, if exploited, the impact could be significant.
Affected Systems
Mozilla releases such as Firefox and Thunderbird are affected in all versions earlier than Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird ESR 140.12. These older versions lack the memory safety fix applied in the specified releases.
Risk and Exploitability
The EPSS score of < 1% indicates that current exploitation activity is expected to be low, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector would involve maliciously crafted input such as a message or web content, but this is inferred from the type of memory safety bug and the product domain. If exploited, the flaw could lead to a full compromise of the user’s system. Patch status for the affected versions is critical to mitigate the risk.
OpenCVE Enrichment
Debian DLA
Debian DSA