Impact
The flaw resides in the Graphics: ImageLib component and permits a specially crafted image file to trigger a crash during processing. The resulting crash causes a temporary loss of functionality for the application, effectively denying service to legitimate users. Because the exploit does not provide a path to read, modify, or execute arbitrary code, confidentiality and integrity remain unaffected. The issue aligns with CWE-400 (Uncontrolled Resource Consumption) and CWE-1286 (Integer data source causes excessive allocation).
Affected Systems
Mozilla Firefox users of versions earlier than 152 are vulnerable; ESR builds 140.12 and 115.37 have the fix and are not affected. Likewise, all Mozilla Thunderbird releases older than 152 are vulnerable; ESR 140.12 does not contain the defect.
Risk and Exploitability
The CVSS score of 6.5 indicates a moderate risk level. The EPSS score of <1% suggests that exploitation is unlikely at this time, and the vulnerability is not present in the CISA KEV catalog. Based on the description, it is inferred that the attack vector is remote, with an adversary delivering malicious image content via a web page or an email attachment to trigger the crash.
OpenCVE Enrichment
Debian DLA
Debian DSA