Impact
An incorrect boundary condition in the CanvasWebGL component allows the application to read or write memory beyond its intended bounds, which can cause crashes or other undefined behavior. The flaw is classified as CWE‑131 and CWE‑703, indicating failing size handling and inadequate boundary checks.
Affected Systems
Mozilla Firefox and Mozilla Thunderbird are affected. Versions up to and including Firefox 151 and Firefox ESR 140.11, and Thunderbird 151 and Thunderbird ESR 140.11, are impacted. This range is inferred from the fact that the vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird ESR 140.12.
Risk and Exploitability
The CVSS score of 7.3 signals a high potential impact if exploited. The EPSS score is below 1 % and the vulnerability is not listed in the CISA KEV catalog, indicating a low likelihood of exploitation at present. The attack is likely to be triggered by malicious web content or an email containing crafted CanvasWebGL data, though no concrete exploitation technique is documented in the supplied data. Thus the risk is high in impact but low in probability under the current threat landscape.
OpenCVE Enrichment
Debian DLA
Debian DSA