Impact
This vulnerability arises from the use of uninitialized memory within the Audio/Video: Web Codecs component of Firefox. The flaw allows the software to read memory that has not been properly initialized, potentially exposing remnants of previously processed data. If an attacker can craft input to the Web Codecs API, they may be able to trigger a read of these memory areas, resulting in the disclosure of confidential information or a system crash, thereby creating a denial-of-service scenario. The weakness is a classic case of accessing memory without proper initialization (CWE-788).
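The weakness class described above, shown as an added, constructed C example rather than code from Firefox or the advisory: a reusable frame buffer is filled by one decode, then only partially overwritten by a shorter frame, and the decoder emits the whole buffer. Everything here is a stand-in (the buffer pool, the 32-byte frame size, the `decode_frame` helper, and zero-on-reuse as the hardening) chosen to make the remnant-data leak deterministic and measurable; the real component and its fix are not reproduced.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FRAME_BUF 32   /* hypothetical fixed-size decoded-frame buffer */

/* One reusable frame buffer, standing in for a decoder's buffer pool.
   Constructed for this example; not Firefox code. */
static uint8_t pool_buf[FRAME_BUF];

/* Vulnerable pattern: hands back the pooled buffer with whatever the
   previous frame left in it. Bytes the new frame does not overwrite
   are effectively uninitialized from the consumer's point of view. */
uint8_t *pool_get_vuln(void)
{
    return pool_buf;
}

/* Hardened pattern: clear the buffer on every reuse so no remnant of a
   previous frame can be observed. Zeroing on reuse is an assumed
   mitigation for illustration; it is not the advisory's actual fix. */
uint8_t *pool_get_fixed(void)
{
    memset(pool_buf, 0, FRAME_BUF);
    return pool_buf;
}

/* Simulated decode step: copies `len` payload bytes into the pooled
   buffer, then emits the entire FRAME_BUF-byte frame to `out`. Emitting
   the whole buffer is the defect being illustrated: when len < FRAME_BUF,
   the tail of `out` is whatever the buffer already held. */
static void decode_frame(uint8_t *(*get)(void), const uint8_t *payload,
                         size_t len, uint8_t out[FRAME_BUF])
{
    uint8_t *buf = get();
    if (len > FRAME_BUF)
        len = FRAME_BUF;
    memcpy(buf, payload, len);
    memcpy(out, buf, FRAME_BUF);
}

/* Demonstration/check helper: decodes a full "sensitive" frame, then a
   4-byte frame, and counts how many bytes of the first frame remain
   visible in the output of the second. A non-zero count is a leak. */
int leaked_bytes(uint8_t *(*get)(void))
{
    uint8_t secret[FRAME_BUF];
    uint8_t tiny[4] = { 1, 2, 3, 4 };
    uint8_t out[FRAME_BUF];
    size_t i;
    int leaked = 0;

    /* Constructed "previous frame" content: a non-zero byte pattern. */
    for (i = 0; i < FRAME_BUF; i++)
        secret[i] = (uint8_t)(0x41 + (i % 26));

    decode_frame(get, secret, FRAME_BUF, out);   /* first frame fills the buffer */
    decode_frame(get, tiny, sizeof tiny, out);   /* short frame overwrites only 4 bytes */

    for (i = sizeof tiny; i < FRAME_BUF; i++)
        if (out[i] == secret[i])
            leaked++;
    return leaked;   /* 28 with pool_get_vuln, 0 with pool_get_fixed */
}

int main(void)
{
    printf("vulnerable pool leaks %d bytes, hardened pool leaks %d bytes\n",
           leaked_bytes(pool_get_vuln), leaked_bytes(pool_get_fixed));
    return 0;
}
```

The same shape applies to genuinely uninitialized heap or stack allocations: the fix is either to initialize the full buffer before it is handed out, or to emit only the bytes the current frame actually produced. Tools such as MemorySanitizer or Valgrind flag reads of never-written bytes and are the usual way to catch this class during testing.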
Affected Systems
Mozilla Firefox users running versions prior to Firefox 150 or Firefox ESR 140.10 are affected by this flaw. The issue has been addressed in Firefox 150 and the ESR 140.10 release, so any deployment of these or later builds is considered safe. Systems that rely on the Web Codecs API for media processing are the primary targets for this vulnerability.
Risk and Exploitability
The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, indicating that broad exploitation has not been observed or documented. With no publicly available exploit and no public reports of exploitation, the risk of immediate compromise is low to moderate. However, the impact of data leakage or a crash could be serious depending on the context of media processing workloads. The absence of a CVSS score in the public data suggests that the severity assessment is incomplete, but the nature of the flaw warrants precautionary action. The likely attack vector involves malicious media content or a crafted Web page that uses the Web Codecs API to trigger a read of uninitialized memory.
OpenCVE Enrichment