Impact
The vulnerability is a JIT miscompilation within the JavaScript: WebAssembly component of Mozilla’s software. It can lead to incorrect program behavior or crashes when executing WebAssembly code. The associated weakness falls under CWE‑670 and CWE‑733, indicating a problem with just‑in‑time compilation or runtime binding.
Affected Systems
Mozilla Firefox and Mozilla Thunderbird are affected. Versions earlier than Firefox 152 and Thunderbird 152 contain the bug; the issue was addressed in the 152 releases of both products.
Risk and Exploitability
The CVSS score of 5.4 classifies the vulnerability as moderate severity. The EPSS score of less than 1 % suggests that exploitation is unlikely, and the issue is not listed in CISA’s KEV catalog. The likely attack vector involves execution of user‑controlled WebAssembly code in a browser, requiring an active user session or malicious web page. Exploitation would be confined to the local environment of the compromised browser instance and would primarily result in crashes or incorrect behavior rather than remote code execution.
OpenCVE Enrichment