CVE-2026-4696
Mozilla · Firefox and Thunderbird
A critical use-after-free vulnerability in the Layout: Text and Fonts component of Mozilla products could allow for remote code execution when processing malicious web content.
Executive summary
Mozilla Firefox and Thunderbird contain a critical memory corruption vulnerability in the text layout engine that enables remote code execution by unauthenticated attackers.
Vulnerability
The vulnerability is a use-after-free flaw in the "Layout: Text and Fonts" component. It occurs when the layout code continues to use a memory object after that memory has been freed; an unauthenticated attacker can trigger it remotely by delivering crafted web content through a malicious website or email.
Business impact
Successful exploitation allows an attacker to bypass security boundaries and execute arbitrary code. This could lead to the exfiltration of sensitive user data, credential harvesting, or the establishment of a persistent foothold within the corporate network. The CVSS score of 9.8 reflects the high impact on confidentiality, integrity, and availability.
Remediation
Immediate Action: Deploy the latest security updates provided by Mozilla for Firefox and Thunderbird to all end-user devices.
Proactive Monitoring: Review endpoint security logs for signs of memory corruption exploits or suspicious child processes spawned by browser applications.
Compensating Controls: Implement robust email filtering to block malicious attachments and links, and use web content filtering to restrict access to known malicious domains.
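The "suspicious child processes" check from the monitoring step, as an added example that is not part of the advisory or of any Mozilla tooling: it parses process-creation events in a Sysmon-Event-ID-1-like JSON shape (fields ParentImage, Image, CommandLine, User are assumed), flags any child of firefox.exe or thunderbird.exe that is not in an assumed allowlist of Mozilla helper binaries, and rates shells and script hosts higher. The sample events are constructed, and the allowlist is an assumption to be tuned to your own fleet.

```python
import json
import re
from typing import Iterable, List, Optional
# Images whose children we scrutinise (the two products named in the advisory).
WATCHED_PARENTS = {"firefox.exe", "thunderbird.exe"}
# Assumed baseline of helpers Mozilla products legitimately spawn; tune it to your fleet.
EXPECTED_CHILDREN = {"firefox.exe", "thunderbird.exe",  # content/utility processes re-exec the main binary
                     "plugin-container.exe", "crashreporter.exe", "updater.exe", "pingsender.exe"}
# Script hosts and shells a browser or mail client has no business launching.
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe", "rundll32.exe"}

def image_name(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return re.split(r"[\\/]", path)[-1].lower()

def classify(event: dict) -> Optional[str]:
    """Severity for an unexpected child of a watched parent, or None if nothing is wrong."""
    parent = image_name(event.get("ParentImage", ""))
    child = image_name(event.get("Image", ""))
    if parent not in WATCHED_PARENTS or child in EXPECTED_CHILDREN:
        return None
    return "high" if child in SHELLS else "medium"

def scan(lines: Iterable[str]) -> List[dict]:
    """Parse JSON process-creation lines and collect findings; malformed lines are skipped."""
    findings = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        severity = classify(event)
        if severity:
            findings.append({"severity": severity, "user": event.get("User", "?"),
                             "parent": image_name(event["ParentImage"]), "child": image_name(event["Image"]),
                             "cmdline": event.get("CommandLine", "")})
    return findings

# Constructed sample events in a Sysmon-Event-ID-1-like shape (not real telemetry).
SAMPLE_EVENTS = [
    r'{"ParentImage":"C:\\Program Files\\Mozilla Firefox\\firefox.exe","Image":"C:\\Program Files\\Mozilla Firefox\\firefox.exe","CommandLine":"firefox.exe -contentproc","User":"CORP\\alice"}',
    r'{"ParentImage":"C:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe","Image":"C:\\Program Files\\Mozilla Thunderbird\\updater.exe","CommandLine":"updater.exe","User":"CORP\\alice"}',
    r'{"ParentImage":"C:\\Program Files\\Mozilla Firefox\\firefox.exe","Image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","CommandLine":"powershell.exe -w hidden","User":"CORP\\alice"}',
    r'{"ParentImage":"C:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe","Image":"C:\\Users\\alice\\AppData\\Local\\Temp\\helper.exe","CommandLine":"helper.exe","User":"CORP\\alice"}',
    r'{"ParentImage":"C:\\Program Files\\Google\\Chrome\\chrome.exe","Image":"C:\\Windows\\System32\\cmd.exe","CommandLine":"cmd.exe","User":"CORP\\bob"}',
    "not json at all",
]
if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"[{f['severity']}] {f['user']}: {f['parent']} -> {f['child']} ({f['cmdline']})")
```

Running the module prints one line per finding; fed real Sysmon or EDR exports converted to JSON lines, the same scan() function serves as a first-pass triage filter.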
Exploitation status
Public Exploit Available: No
Analyst recommendation
This vulnerability represents a significant risk to the organization's security posture. Immediate patching is the only reliable mitigation; therefore, IT departments should expedite the rollout of Mozilla updates across the entire enterprise to prevent potential exploitation.