Memory safety bug in Mozilla Firefox/Thunderbird

Successful exploitation could cause memory corruption and application instability, and Mozilla advisory context indicates that memory safety issues in these releases could potentially lead to arbitrary code execution. Broader advisory context for the affected Mozilla release family also includes possible privilege escalation, sandbox escape, same-origin policy bypass, information disclosure, spoofing, and denial of service, but the specific impact confirmed for this CVE from the provided content is memory corruption with potential arbitrary code execution.

No CVE-specific workaround is provided in the supplied advisories. Until patching is completed, reduce exposure by applying least-privilege principles, avoiding administrative execution contexts, enabling exploit-protection controls, restricting access to untrusted web content and attachments, and using host-based detection/prevention controls. Primary mitigation is prompt upgrade to the fixed Mozilla releases.

Upgrade affected Mozilla products to fixed versions: Firefox 152, Firefox ESR 140.12, Thunderbird 152, or Thunderbird ESR 140.12 or later, as applicable. Debian users should install the patched firefox-esr package version 140.12.0esr-1~deb13u1 for the stable distribution where relevant.