CVE-2026-4688

Mozilla · Firefox and Thunderbird

A critical sandbox escape vulnerability in Mozilla products, caused by a use-after-free in the Disability Access (accessibility) APIs, lets an attacker run code outside the browser sandbox with the privileges of the user running Firefox or Thunderbird.

Executive summary

A use-after-free vulnerability in Mozilla Firefox and Thunderbird allows a remote attacker, without any credentials, to escape the browser sandbox: an attacker who already controls a sandboxed content process (typically through malicious web or email content) can execute code in the privileged parent process, which runs with the full privileges of the logged-in user.

Vulnerability

This vulnerability is a use-after-free in the "Disability Access APIs" component. It specifically allows for a sandbox escape: code running in a restricted content process can reach the vulnerable accessibility code in the parent process and gain code execution there, outside the sandbox, with the privileges of the user running the browser. No authentication is needed, but the attacker does need to deliver content that reaches the vulnerable code path and, in practice, to first obtain control of a content process.

Business impact

A sandbox escape is one of the most severe browser vulnerabilities, as it bypasses the primary security layer designed to contain exploits. An attacker who escapes the sandbox gains control of the user's session and everything that user can reach: local files, saved credentials and session cookies, network shares and internal services. Combined with a local privilege-escalation bug, this becomes a full compromise of the host. The CVSS score of 10.0 represents the maximum possible risk level.

Remediation

Immediate Action: Update all Firefox and Thunderbird installations to the fixed versions (149 on the release channel, or 140.9 on the ESR channel) immediately to patch this critical sandbox escape. Confirm the installed version after the update (for example via about:support or your software inventory) rather than relying on the auto-updater having run.
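The version check below is an added example, not part of this advisory or of Mozilla's tooling. It applies the thresholds stated above (release 149, ESR 140.9) to a constructed software-inventory list and returns the hosts that still need the update. It assumes that a major version of 140 denotes the ESR line and that the same thresholds apply to Firefox and Thunderbird alike, as the advisory states.

```python
import re

# Fixed versions as given in the advisory: release channel 149, ESR channel 140.9.
FIXED_RELEASE = (149, 0)
FIXED_ESR = (140, 9)
ESR_MAJOR = 140  # assumption: major 140 identifies the ESR line that received 140.9


def parse_version(version: str) -> tuple:
    """Turn strings such as '149.0', '140.9.0esr' or '148.0.1' into a tuple of ints.

    The trailing 'esr' tag is accepted and dropped; anything else is rejected so
    that a malformed inventory entry is noticed instead of silently passing.
    """
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(esr)?", version.strip().lower())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * (2 - len(parts))  # pad so (major, minor) is always present


def is_patched(version: str) -> bool:
    """True if the version is at or above the fixed release for its channel."""
    v = parse_version(version)
    if v[0] == ESR_MAJOR:
        return v[:2] >= FIXED_ESR
    # Any other major is judged against the release-channel fix; older ESR lines
    # (e.g. 128.x) fall below 149 and are therefore reported as unpatched.
    return v[:2] >= FIXED_RELEASE


# Constructed inventory rows (host, product, version); synthetic test data.
INVENTORY = [
    ("ws01", "Firefox", "149.0"),
    ("ws02", "Firefox", "148.0.1"),
    ("srv03", "Firefox ESR", "140.9.0esr"),
    ("srv04", "Firefox ESR", "140.8.0esr"),
    ("srv05", "Firefox ESR", "128.14.0esr"),
    ("ws06", "Thunderbird", "140.9.0esr"),
]


def hosts_needing_update(inventory=INVENTORY) -> list:
    """Return (host, product, version) rows whose version is below the fix."""
    return [row for row in inventory if not is_patched(row[2])]


if __name__ == "__main__":
    for host, product, version in hosts_needing_update():
        print(f"{host}: {product} {version} is vulnerable, update required")
```

Run against a real inventory export, the list it returns is the patch-now queue; note that a major version between 141 and 148 is on the release channel and is only fixed by moving to 149, not by any 140.x ESR build.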

Proactive Monitoring: Alert on child processes spawned by firefox or thunderbird that are not the browser's own content or utility processes (for example shells, script interpreters, installers or LOLBins), and on any subsequent privilege escalation from those processes. After a sandbox escape the attacker's code runs inside the parent browser process, so the first attacker-controlled process on the host will typically have the browser as its parent.
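The detection below is an added example that is not part of this advisory. It runs the parent/child rule described above over constructed Sysmon-style process-creation records (Event ID 1 fields in JSON lines; the records are synthetic, not real telemetry) and flags any process whose parent is the browser but which is not one of the browser's own processes. The allowlist of expected children is an assumption and must be tuned to the helpers (updater, crash reporter) seen in your environment.

```python
import json
import ntpath  # basename() splits on both '\\' and '/', so it handles Windows and Linux paths

# Constructed Sysmon-style process-create records (synthetic test data).
SAMPLE_EVENTS = r"""
{"host":"ws01","ParentImage":"C:\\Program Files\\Mozilla Firefox\\firefox.exe","Image":"C:\\Program Files\\Mozilla Firefox\\firefox.exe","CommandLine":"firefox.exe -contentproc -isForBrowser"}
{"host":"ws01","ParentImage":"C:\\Program Files\\Mozilla Firefox\\firefox.exe","Image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","CommandLine":"powershell.exe -NoProfile -WindowStyle Hidden -Command whoami"}
{"host":"ws02","ParentImage":"C:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe","Image":"C:\\Windows\\System32\\cmd.exe","CommandLine":"cmd.exe /c whoami"}
{"host":"ws02","ParentImage":"C:\\Windows\\explorer.exe","Image":"C:\\Windows\\System32\\cmd.exe","CommandLine":"cmd.exe"}
{"host":"lx01","ParentImage":"/usr/lib/firefox/firefox","Image":"/usr/bin/sh","CommandLine":"sh -c id"}
"""

# Process names that identify the browser as the parent of interest.
BROWSER_PARENTS = {"firefox.exe", "thunderbird.exe", "firefox", "thunderbird"}

# Children the browser legitimately spawns: its own content/utility processes.
# Assumption: extend with updater and crash-reporter helpers observed in your fleet.
EXPECTED_CHILDREN = BROWSER_PARENTS | {"plugin-container.exe", "plugin-container"}


def parse_events(jsonl: str) -> list:
    """Parse JSON-lines telemetry into dicts, skipping blank lines."""
    return [json.loads(line) for line in jsonl.splitlines() if line.strip()]


def flag_unexpected_children(events: list) -> list:
    """Return a finding for every process whose parent is the browser but which
    is not one of the browser's own expected child processes."""
    findings = []
    for e in events:
        parent = ntpath.basename(e.get("ParentImage", "")).lower()
        child = ntpath.basename(e.get("Image", "")).lower()
        if parent in BROWSER_PARENTS and child not in EXPECTED_CHILDREN:
            findings.append({
                "host": e.get("host"),
                "parent": parent,
                "child": child,
                "command_line": e.get("CommandLine", ""),
            })
    return findings


if __name__ == "__main__":
    for f in flag_unexpected_children(parse_events(SAMPLE_EVENTS)):
        print(f"[{f['host']}] {f['parent']} spawned {f['child']}: {f['command_line']}")
```

The explorer.exe-launched cmd.exe is deliberately ignored: the rule is scoped to the browser as parent, which keeps it quiet on ordinary interactive use while catching exactly the post-escape pattern. Feed it your real Sysmon or auditd process-creation stream and treat any hit on a workstation running an unpatched version as an incident until proven otherwise.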

Compensating Controls: Use OS-level application control such as AppLocker or SELinux to restrict what browser processes may execute and access. These controls do not prevent the escape itself, but they limit what an attacker can do afterwards, for example by blocking the browser from launching script hosts or unsigned binaries.

Exploitation status

Public Exploit Available: No

Analyst recommendation

With a CVSS score of 10.0, this is the highest priority vulnerability in this batch. Organizations must treat this as an emergency and ensure that every instance of Mozilla Firefox and Thunderbird is updated immediately, and verified as updated, to prevent attackers from escaping the sandbox and compromising the user's session and the host.