CVE-2026-12289

Mozilla · Firefox/Thunderbird

A privilege escalation vulnerability exists in the Graphics: WebRender component of Mozilla products, which can be triggered remotely via user interaction.

Executive summary

A privilege escalation flaw in the WebRender component of Mozilla products allows remote attackers to elevate privileges through user interaction.

Vulnerability

This is a privilege escalation vulnerability in the Graphics: WebRender component. The attack can be initiated remotely without authentication, though it specifically requires user interaction to execute.

Business impact

With a CVSS score of 8.8, this vulnerability is considered a high-priority threat. Successful exploitation allows an attacker to gain elevated privileges, potentially leading to full system compromise, data theft, or the installation of malicious software. The requirement for user interaction does not significantly lower the risk in enterprise environments where end-user workstations are frequent targets.

Remediation

Immediate Action: Update to Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, or Thunderbird 152/140.12 as applicable.

Proactive Monitoring: Review endpoint security logs for signs of unauthorized process execution or unexpected privilege changes following browser activity.

Compensating Controls: Use browser-based security policies to restrict the execution of untrusted scripts and content, and maintain robust endpoint detection and response (EDR) coverage.
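A fleet check against the fixed versions listed under Immediate Action, as an added example that is not part of the original advisory or any Mozilla tooling. It assumes a software inventory export of (host, product, version) tuples and treats any build below the fixed release on its branch, or on a branch with no listed fix, as needing an update; the host names and installed versions are constructed.

```python
import re

# Fixed (major, minor) releases, taken from the advisory's Remediation section.
FIXED = {
    "firefox": [(152, 0), (140, 12), (115, 37)],
    "thunderbird": [(152, 0), (140, 12)],
}

def parse_version(text):
    """Return (major, minor) from strings such as '140.11.0esr' or '152.0'."""
    m = re.match(r"\s*(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return int(m.group(1)), int(m.group(2) or 0)

def status(product, version):
    """Classify one install as 'patched', 'update' or 'unknown'."""
    fixed = FIXED.get(product.strip().lower())
    if fixed is None:
        return "unknown"          # product not covered by this check
    try:
        major, minor = parse_version(version)
    except ValueError:
        return "unknown"          # needs a manual look, never assumed patched
    if (major, minor) >= max(fixed):
        return "patched"          # at or beyond the newest fixed release
    for f_major, f_minor in fixed:
        if major == f_major:      # same branch: compare the minor number
            return "patched" if minor >= f_minor else "update"
    return "update"               # assumption: branch without a listed fix

def triage(inventory):
    """Return (host, product, version, status) for every non-patched install."""
    checked = [(h, p, v, status(p, v)) for h, p, v in inventory]
    return [row for row in checked if row[3] != "patched"]

# Constructed sample inventory (hypothetical hosts and versions).
INVENTORY = [
    ("ws-001", "Firefox", "152.0"),
    ("ws-002", "Firefox", "151.0.1"),
    ("ws-003", "Firefox", "140.11.0esr"),
    ("ws-005", "Thunderbird", "140.12.0esr"),
    ("ws-006", "Thunderbird", "128.14.0esr"),
    ("ws-007", "Firefox", "custom-build"),
]

if __name__ == "__main__":
    for row in triage(INVENTORY):
        print(*row, sep="\t")
```

Installs reported as `unknown` are kept in the output on purpose, so an unparseable version string is reviewed by hand rather than counted as remediated.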

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the potential for privilege escalation and the ubiquity of these browsers, immediate patching is required. Security teams should prioritize the deployment of the specified versions across all managed workstations and servers to close this critical security gap.