Use-after-free in the Layout: Text and Fonts component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
The vulnerability consists of a use-after-free error in the Layout: Text and Fonts component — an area of the browser engine responsible for processing and displaying text and fonts. This type of error means that the program references a memory area that has already been freed, which can lead to execution of code controlled by the attacker. The attack vector is network-based, with no authentication requirement and no need for any user interaction on the victim's side (CVSS AV:N/AC:L/PR:N/UI:N).
An attacker can gain full control over the victim's system through remote code execution (RCE), and can also lead to violations of confidentiality, integrity, and availability of data — all three categories rated as high in the CVSS vector.
Software must be updated immediately to the following versions: Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, or Thunderbird 140.9, in which the vulnerability has been fixed. Patches are available directly from the vendor and in the references indicated in the description.
Mozilla Firefox versions prior to 149, Mozilla Firefox ESR versions prior to 115.34 and prior to 140.9, Mozilla Thunderbird versions prior to 149 and prior to 140.9.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HMozilla Firefox
APPMozilla< 115.34.0< 149.0128.0 – 140.9.0 (bez)
Related vulnerabilities
Use-after-free w Animation timelines Firefox/Thunderbird — RCE
An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escap...
Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes ...
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before...
Memory safety bugs present in Firefox 152.0.3. Some of these bugs showed evidence of memory corruption and we ...