Impact
A denial‑of‑service flaw affects the Audio/Video: Playback component, allowing an attacker to crash or freeze the application when processing malicious media content. The vulnerability is identified by CWE‑400 and CWE‑770 and can disrupt user experience by rendering the browser or email client unusable. The impact is confined to the affected process and does not compromise confidentiality or integrity of data.
Affected Systems
Mozilla Firefox and Mozilla Thunderbird are affected. Versions prior to 152 contain the flaw; the issue was fixed in Firefox 152 and Thunderbird 152.
Risk and Exploitability
The CVSS score of 6.5 indicates a moderate severity. EPSS is below 1%, so exploitation is considered unlikely at present. The vulnerability is not listed in CISA KEV. The likely attack vector is the reception or decoding of a specially crafted audio or video file, which may be delivered locally or via a web page or email attachment. No additional requirements beyond having the vulnerable software running are mentioned.
OpenCVE Enrichment