Incorrect boundary conditions in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
The error lies in improper verification of boundary conditions in the ImageLib library responsible for graphics processing. Incorrect boundary handling can lead to memory operations outside the permitted range when processing specially crafted image files or graphic content. A network attack vector (AV:N) without authentication requirements (PR:N) and user interaction (UI:N) means that simply visiting a malicious website or opening a crafted message may be sufficient to trigger the vulnerability.
Successful exploitation of this vulnerability may enable an attacker to gain full control over the confidentiality, integrity, and availability of the system — which corresponds to a High rating in all three CVSS categories. In practice, this may result in remote code execution (RCE) in the context of a browser or mail client process.
Software must be updated immediately to the following patched versions: Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, or Thunderbird 140.8. Patches are available through Mozilla's automatic update mechanism and on official product websites.
Mozilla Firefox versions prior to 148 and Firefox ESR versions prior to 115.33 and 140.8, as well as Mozilla Thunderbird versions prior to 148 and Thunderbird 140.8.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HMozilla Firefox
APPMozilla< 115.33.0< 148.0128.0 – 140.8.0 (bez)Mozilla Thunderbird
APPMozilla< 140.8.0< 148.0
Related vulnerabilities
Use-after-free w Animation timelines Firefox/Thunderbird — RCE
An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escap...
Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes ...
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before...
Memory safety bugs present in Firefox 152.0.3. Some of these bugs showed evidence of memory corruption and we ...