A high-severity vulnerability has been discovered in Mozilla Firefox and Firefox ESR, which could allow a remote attacker to execute arbitrary code on a user's system. Successful exploitation occurs if a user visits a specially crafted, malicious webpage, potentially leading to a full system compromise. This could result in data theft, malware installation, or further network intrusion.

The vulnerability is a use-after-free condition within the browser's Just-In-Time (JIT) compiler component. An attacker can exploit this by creating a malicious webpage with specific JavaScript code that manipulates memory objects in a way that triggers the flaw. When a user running a vulnerable version of Firefox navigates to this page, the browser can be tricked into executing arbitrary code with the privileges of the logged-in user, leading to a sandbox escape and full compromise of the host machine.

This vulnerability is rated as High severity with a CVSS score of 8.4. Exploitation could have a significant negative impact on the organization. If an employee's workstation is compromised, an attacker could exfiltrate sensitive corporate data, install persistent malware like ransomware or spyware, or use the compromised machine as a beachhead to launch further attacks against the internal network. The wide deployment of Firefox in enterprise environments makes this a critical threat that could lead to financial loss, reputational damage, and operational disruption.

Immediate Action: Organizations must immediately apply security updates provided by Mozilla. All instances of Firefox should be updated to version 143 or later, and all instances of Firefox ESR should be updated to version 140 or later. System administrators should verify the successful deployment of these patches across all endpoints.

Proactive Monitoring: Security teams should actively monitor for signs of exploitation. This includes scrutinizing endpoint security logs for anomalous processes spawned by firefox.exe, monitoring outbound network traffic from workstations for connections to suspicious or newly registered domains, and reviewing web proxy and DNS logs for unusual patterns. Endpoint Detection and Response (EDR) systems should be configured to alert on common memory exploitation techniques.

Compensating Controls: If immediate patching is not feasible, the following controls can help mitigate risk:

• Utilize a secure web gateway or DNS filtering service to block access to malicious and uncategorized websites.
• Ensure EDR solutions are properly configured to detect and block browser-based exploits.
• Enforce the principle of least privilege for user accounts to limit the post-exploitation impact.
• Consider deploying browser isolation technology to execute web sessions in a secure, remote environment.

Public Exploit Available: false

Given the high CVSS score and the potential for remote code execution with minimal user interaction, this vulnerability presents a critical risk to the organization. All vulnerable versions of Mozilla Firefox and Firefox ESR must be patched on an emergency basis. Priority should be given to systems used by employees with privileged access or those who handle sensitive data. Although this CVE is not currently listed on the CISA KEV catalog, its severity makes it a likely candidate for future inclusion, and it should be treated with the highest priority.