This vulnerability consists of memory safety bugs in Firefox 141 and Thunderbird 141 that showed evidence of memory corruption. With sufficient effort, these bugs could have been exploited to run arbitrary code. The issue is classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer). Mozilla addressed these flaws in Firefox 142 and Thunderbird 142, releasing official patches. The CVSS 3.1 base score is 9.8, reflecting network attack vector, low attack complexity, no privileges required, no user interaction, and high impact on confidentiality, integrity, and availability.

Successful exploitation of these memory safety bugs could allow an attacker to execute arbitrary code remotely without user interaction or privileges, compromising system confidentiality, integrity, and availability. However, no active exploitation has been reported. The vulnerability affects Firefox and Thunderbird versions 141 and earlier, potentially impacting users running unpatched versions.

Mozilla has released official fixes for this vulnerability in Firefox 142 and Thunderbird 142. Users and administrators should update to these versions or later to remediate the issue. Since this is not a cloud service, patching the client software is required. There are no vendor advisories indicating that no action is required or that the issue is already mitigated without patching. Patch status is confirmed by the vendor advisory.