A critical use-after-free memory corruption vulnerability has been identified in Mozilla Firefox on the Windows operating system. This flaw, triggered by web extensions using the native messaging API, can cause the browser to crash and may allow an attacker to execute arbitrary code, leading to a full compromise of the affected user's system.

This vulnerability is a use-after-free memory corruption flaw that exists within Firefox's handling of the native messaging API on Windows platforms. An attacker can exploit this by convincing a user to install a malicious web extension or by compromising a legitimate one. The extension can then send a specially crafted message to a native messaging host, causing Firefox to incorrectly access a region of memory that has already been deallocated. This can lead to an exploitable crash, potentially allowing the attacker to execute arbitrary code with the same privileges as the logged-in user.

This vulnerability is rated as critical with a CVSS score of 9.8, posing a severe risk to the organization. Successful exploitation could grant an attacker complete control over an affected endpoint, leading to the theft of sensitive data such as credentials, financial information, and proprietary documents. Furthermore, a compromised system could be used as a pivot point to launch further attacks against the internal network, install persistent malware like ransomware, or be co-opted into a botnet. The potential consequences include significant data breaches, financial loss, operational disruption, and reputational damage.

Immediate Action: Update Starting in Firefox Multiple Products to the latest version. Check vendor security advisory for specific patch details. Monitor for exploitation attempts and review access logs.

Proactive Monitoring:

• Utilize Endpoint Detection and Response (EDR) solutions to monitor for firefox.exe process crashes or the spawning of suspicious child processes (e.g., cmd.exe, powershell.exe).
• Review network logs for unusual outbound connections from workstations running Firefox, which may indicate communication with an attacker's command-and-control server.
• Audit browser extension installation logs and system event logs for any unauthorized or suspicious extension activity.

Compensating Controls:

• If immediate patching is not feasible, implement a policy to restrict the installation of unapproved browser extensions.
• Use application control solutions to prevent Firefox from executing unknown or unauthorized applications.
• Ensure host-based intrusion prevention systems (HIPS) and antivirus signatures are up-to-date to detect and block potential post-exploitation payloads.

Public Exploit Available: false

Given the critical severity of this vulnerability and its potential for complete system compromise, immediate action is required. We strongly recommend that all vulnerable versions of Firefox on Windows endpoints are identified and patched to version 144 or later without delay. Organizations should prioritize this patching cycle for all user workstations. If patching cannot be immediately deployed, the compensating controls listed above should be implemented as a temporary measure while enhanced monitoring for signs of exploitation is put in place.