This vulnerability involves incorrect boundary conditions in the JavaScript garbage collection (GC) component of Mozilla Firefox. It is classified under CWE-754 and was reported by Gary Kwong. The flaw could potentially lead to memory safety issues, but no active exploitation has been reported. Mozilla fixed this vulnerability in Firefox 143 and Firefox ESR 140.3 as part of a broader security update addressing multiple memory safety bugs. The CVSS v3.1 base score is 6.5, reflecting a network attack vector with low complexity, no privileges or user interaction required, and impacts confidentiality and integrity but not availability.

The vulnerability could allow an attacker to impact the confidentiality and integrity of the affected Firefox browser through memory safety issues in the JavaScript GC component. However, there are no known exploits in the wild. The impact is rated moderate by Mozilla and medium severity by CVSS. Successful exploitation might lead to partial information disclosure or integrity compromise within the browser process.

Mozilla has released official fixes for this vulnerability in Firefox 143 and Firefox ESR 140.3. Users and administrators should update affected Firefox and Thunderbird installations to these versions or later to remediate the issue. Since this is not a cloud service, remediation depends on applying these updates. There are no vendor advisories indicating that no action is required or that the issue is already mitigated without patching.