Impact
This flaw allows an attacker to bypass a security mitigation built into the DOM component of Mozilla products. The vulnerability was addressed in Firefox 152 and Thunderbird 152 and carries a CVSS score of 9.1, reflecting a critical weakness that violates the intended protection mechanism, as classified by CWE‑693 and CWE‑358.
Affected Systems
All versions of Mozilla Firefox and Mozilla Thunderbird released before version 152 are potentially affected. The fix is delivered in the 152 releases of both products, meaning any older build remains vulnerable until updated.
Risk and Exploitability
The EPSS score of less than 1% and absence from the CISA KEV catalog suggest that exploitation is not widely observed today, yet the high CVSS score indicates a severe risk if discovered. Based on the description, it is inferred that the attack likely requires the delivery of crafted content—such as a malicious web page or email that causes the DOM security component to misbehave, potentially leading to code execution or privilege escalation within the context of the user’s profile.
OpenCVE Enrichment