Impact
The CVE document states that a memory safety bug was fixed in Thunderbird 152 and Firefox 152. The flaw is classified as CWE‑119 and CWE‑825, indicating an out‑of‑bounds memory operation. Based on the nature of both CWEs, such flaws can potentially lead to arbitrary code execution if an attacker can exercise the vulnerable memory operation.
Affected Systems
Mozilla Firefox and Mozilla Thunderbird earlier than version 152 are affected. Users running any pre‑152 build should verify their installed version and upgrade to a patched release to eliminate the defect.
Risk and Exploitability
The CVSS score of 7.5 places the defect in the high severity range. The EPSS score of less than 1 % indicates a very low probability of exploitation at present, and the issue is not listed in the CISA KEV catalog. The attack vector is not explicitly defined in the CVE data; it is inferred that the bug could be triggered by application processing of crafted content, such as malformed input or data read from an external source. The overall risk balances a potentially high impact with a currently low exploitation likelihood.
OpenCVE Enrichment