Memory safety bugs present in Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149.0.2 and Thunderbird 149.0.2.
The vulnerability results from out-of-bounds write errors in the memory management of the browser/email client engine. Some of the detected errors led to process memory corruption, which provides a basis for their exploitation to gain control over the program's execution flow. An attacker can deliver specially crafted content (e.g., a website or email message) that triggers the vulnerable code without requiring authentication or user interaction.
Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code remotely (RCE) in the context of a Firefox or Thunderbird process, which may lead to complete compromise of the user session, data breach, or malicious software installation.
Mozilla Firefox should be updated immediately to version 149.0.2 or later, and Mozilla Thunderbird should be updated to version 149.0.2 or later. Patches are available through the automatic update mechanism or directly from the manufacturer's websites indicated in the references.
Mozilla Firefox 149.0.1 and Mozilla Thunderbird 149.0.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HMozilla Firefox
APPMozilla< 149.0.2Mozilla Thunderbird
APPMozilla< 149.0.2
Related vulnerabilities
Use-after-free w Animation timelines Firefox/Thunderbird — RCE
An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escap...
Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes ...
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before...
Memory safety bugs present in Firefox 152.0.3. Some of these bugs showed evidence of memory corruption and we ...