Impact
This vulnerability enables the bypass of the DOM security component in Mozilla products. The impact is that the protection mechanisms meant to guard against malicious DOM manipulation can be circumvented, exposing the system to further compromise. The weakness is classified as CWE-693 and CWE-807, indicating improper authorization and related restrictions.
Affected Systems
The bug affects Mozilla Firefox and Mozilla Thunderbird versions prior to Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird ESR 140.12. Users running earlier versions are vulnerable.
Risk and Exploitability
The CVSS score of 9.1 indicates a high severity, while the EPSS score of < 1% suggests a low likelihood of exploitation today. It is not listed in the CISA KEV catalog. Based on the description, it is inferred that the attack vector is likely remote, involving malicious web content or email attachments that manipulate the DOM. If exploited, the attacker could override security checks, potentially leading to code execution or other privileges.
OpenCVE Enrichment
Debian DLA
Debian DSA