Firefox’s JavaScript engine contains a Just‑In‑Time compiler that can miscompile JavaScript into incorrect machine code. The defect can lead to execution of unintended instructions, potentially enabling arbitrary code execution. This weakness exemplifies a miscompilation or out‑of‑bounds execution fault, corresponding to CWE‑119, CWE‑686, CWE‑733, and CWE‑843. No reports of successful exploitation are provided, but the nature of the flaw indicates a high‑severity impact.

All installations of Mozilla Firefox older than version 150.0.3 are affected, as the fix is only present in that release. The flaw resides in the core JIT component, so any web page capable of running JavaScript could potentially trigger it, affecting users on supported operating systems and browsers that include this engine.

EPSS score of < 1% indicates a very low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. The CVSS score is 7.3, indicating significant potential for compromise if exploited. The exploit path described in common vulnerability reports—a remote JavaScript payload served by a malicious web page—cannot be confirmed as a documented vector in the CVE data; it is inferred from the fact that the flaw resides in the browser’s JavaScript engine and that such engines can be triggered by arbitrary web content. Therefore, while no public exploits are known, the possibility of arbitrary code execution through malicious web content makes timely remediation essential.