Impact
An issue described only as "Other issue in the Networking: DNS component" was reported, affecting Mozilla Firefox and Mozilla Thunderbird. The description does not disclose the flaw's exact nature, so the precise impact remains unclear. Because the component is part of core networking, the vulnerability could potentially influence DNS resolution, leading to incorrect name resolution, denial-of-service, or traffic redirection. These effects are inferred rather than directly stated in the description. The CWE identifiers reflect weaknesses in input validation, cross-site request forgery, resource exhaustion, and privilege validation, which together could allow an attacker to manipulate DNS queries, forge data, exhaust system resources, or elevate privileges if exploited.
Affected Systems
Mozilla Firefox and Mozilla Thunderbird are affected. The flaw was fixed in version 150 of both products, so versions prior to 150 are potentially vulnerable.
Risk and Exploitability
The CVSS score of 5.3 indicates moderate severity. The EPSS score is less than 1%, pointing to a low probability of exploitation in the wild, and the vulnerability is not listed in CISA's KEV catalog. The lack of public exploitation evidence, combined with a moderate CVSS score, suggests a cautious but not urgent stance. Attackers would likely need to deliver malicious DNS queries or forged responses to a victim's system over the network, exploiting the weaknesses in input validation and privilege checks indicated by the CWE identifiers. Because the flaw resides in a fundamental DNS component, successful exploitation could compromise name resolution, data integrity, and availability of the affected software.
OpenCVE Enrichment