A critical vulnerability has been discovered in the Graphics component of multiple Mozilla Firefox products. This flaw, resulting from incorrect boundary conditions, allows a remote attacker to bypass the browser's security sandbox by tricking a user into visiting a malicious webpage, potentially leading to arbitrary code execution on the user's system and a full compromise of the machine.

This vulnerability is a sandbox escape caused by a flaw in how the browser's Graphics component handles boundary conditions. An attacker can exploit this by crafting a malicious webpage with specially designed graphical content. When a user with a vulnerable version of Firefox visits this page, the flawed code processes the content incorrectly, leading to a memory corruption error that allows the attacker to write data outside of its intended memory buffer. This can be leveraged to execute arbitrary code, escaping the browser's sandbox and gaining control over the underlying operating system with the permissions of the logged-in user.

This vulnerability is rated as critical severity with a CVSS score of 9.8, posing a significant risk to the organization. Successful exploitation could lead to a complete compromise of an endpoint system, allowing an attacker to install malware (such as ransomware or spyware), steal sensitive corporate data, capture user credentials, or use the compromised machine as a pivot point to move laterally within the network. The potential consequences include major data breaches, financial loss, operational disruption, and significant reputational damage.

Immediate Action: Immediately update all affected Mozilla Firefox and Firefox ESR installations to the latest patched versions (Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, or later). Following the update, monitor endpoints for any signs of exploitation attempts by reviewing security logs for anomalous activity originating from browser processes.

Proactive Monitoring:

• Monitor Endpoint Detection and Response (EDR) logs for suspicious child processes being spawned by firefox.exe (e.g., cmd.exe, powershell.exe).
• Analyze network traffic for unusual outbound connections from workstations to unknown or malicious IP addresses.
• Review system logs for unexpected file creation, modification, or registry changes originating from the browser.

Compensating Controls: If immediate patching is not feasible, implement the following controls:

• Use application control solutions to prevent browsers from launching unauthorized executables.
• Ensure web filtering and DNS security are in place to block access to uncategorized or known malicious websites.
• Confirm that endpoint antivirus and EDR solutions are up-to-date and configured to detect and block memory exploitation techniques.

Public Exploit Available: false

Given the critical CVSS score of 9.8 and the potential for complete system compromise via a common attack vector (web browsing), it is imperative that organizations treat this vulnerability with the highest priority. The absence of a CISA KEV listing should not reduce the urgency. We strongly recommend that all vulnerable Firefox installations are patched immediately to mitigate the risk of data breaches and malware infections.