A critical vulnerability has been identified in Mozilla Firefox and Firefox ESR, which allows a remote attacker to escape the browser's security sandbox and execute arbitrary code on the underlying system. An attacker can exploit this by tricking a user into visiting a specially crafted webpage that uses manipulated WebGL textures. Successful exploitation could lead to a full system compromise, allowing the attacker to steal sensitive data or install malware.

This vulnerability is an out-of-bounds read and write flaw within the browser's handling of WebGL textures. A low-privilege web content process, which is normally isolated in a security sandbox, can send manipulated WebGL texture data to the more privileged parent process. This manipulation causes the parent process to read from or write to memory locations outside of their intended boundaries, leading to a sandbox escape and allowing the attacker to execute arbitrary code with the privileges of the browser process.

This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation could have a severe impact on the business, leading to a complete compromise of an employee's workstation. Potential consequences include the theft of corporate credentials, sensitive financial data, intellectual property, and personal information. Furthermore, a compromised system could be used as a foothold to launch further attacks against the internal network, install ransomware, or be integrated into a botnet.

Immediate Action: The primary remediation is to update all instances of Mozilla Firefox and Firefox ESR to the latest patched versions (Firefox 144 and Firefox ESR 115 or later). Deploy these updates immediately through centralized patch management systems. In addition, security teams should monitor for any signs of exploitation attempts by reviewing endpoint detection and response (EDR) alerts and access logs for anomalous activity originating from browser processes.

Proactive Monitoring: Security teams should actively monitor for indicators of compromise. This includes looking for unusual child processes spawned by firefox.exe (e.g., cmd.exe, powershell.exe), unexpected network connections to unknown IP addresses or domains, and abnormal CPU or memory usage from browser processes. Configure EDR and SIEM solutions to alert on such behaviors.

Compensating Controls: If immediate patching is not feasible, consider the following temporary controls:

• Enforce the use of an alternative, unaffected web browser for accessing untrusted external websites.
• Utilize web filtering and proxy solutions to block access to suspicious or newly registered domains.
• Ensure endpoint security solutions are up-to-date and configured to detect and block suspicious process behavior.
• Disabling WebGL in the browser's advanced settings can mitigate this specific attack vector, but may cause legitimate websites to function incorrectly.

Public Exploit Available: Not publicly known at the time of this report.

Due to the critical severity (CVSS 9.8) of this vulnerability and its potential for complete system compromise, immediate action is required. We strongly recommend that all affected versions of Mozilla Firefox and Firefox ESR be updated to the latest patched versions across the entire organization without delay. This vulnerability should be treated as a top priority for patching cycles. Even though there is no known active exploitation, the risk of a remote code execution vulnerability in a widely used browser is exceptionally high.