Invalid pointer in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
The bug consists of using an invalid (uninitialized or invalidated) pointer in the JavaScript engine component. Incorrect access to such a pointer can lead to memory corruption of the process. An attacker can provide specially crafted JavaScript code (e.g., through a malicious website or email message) that triggers this error.
Successful exploitation of the vulnerability may allow an attacker to execute arbitrary code remotely (RCE) in the context of the application, as well as compromise the confidentiality, integrity, and availability of the system.
Update to Firefox 148, Firefox ESR 140.8, Thunderbird 148, or Thunderbird 140.8, in which the vulnerability has been fixed. Patches are available in the vendor references (mozilla.org/security/advisories).
Mozilla Firefox (versions prior to 148), Mozilla Firefox ESR (versions prior to 140.8), Mozilla Thunderbird (versions prior to 148), Mozilla Thunderbird ESR (versions prior to 140.8)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HMozilla Firefox
APPMozilla< 140.8.0< 148.0Mozilla Thunderbird
APPMozilla< 140.8.0< 148.0
Related vulnerabilities
Use-after-free w Animation timelines Firefox/Thunderbird — RCE
An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escap...
Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes ...
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before...
Memory safety bugs present in Firefox 152.0.3. Some of these bugs showed evidence of memory corruption and we ...