This vulnerability involves multiple memory safety bugs in Firefox 140 and Thunderbird 140, some of which demonstrated memory corruption that could be exploited to achieve arbitrary code execution. The issues are related to improper memory handling (CWE-119). Mozilla fixed these vulnerabilities in Firefox 141 and Thunderbird 141. The CVSS v3.1 base score is 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), reflecting critical impact with network attack vector, no privileges or user interaction required, and high confidentiality, integrity, and availability impacts. The vendor advisory confirms the fixes and provides detailed references to the bugs addressed.

Successful exploitation of these memory safety bugs could allow remote attackers to execute arbitrary code on affected systems without user interaction or privileges, potentially leading to full compromise of the affected Firefox or Thunderbird application. The vulnerabilities affect confidentiality, integrity, and availability of the impacted software. No known active exploitation has been reported.

Mozilla has released official fixes for these vulnerabilities in Firefox 141 and Thunderbird 141. Users and administrators should update to these versions or later to remediate the issue. Since this is not a cloud service, patching the client software is required. Patch status is confirmed by the vendor advisory. No additional mitigation steps are indicated beyond applying the official updates.