CVE-2026-4702
Mozilla · Firefox and Thunderbird
A JIT miscompilation in the JavaScript Engine of Mozilla products allows unauthenticated attackers to achieve remote code execution via crafted web content.
Executive summary
A critical JIT compiler bug in the JavaScript engine of Mozilla Firefox and Thunderbird allows remote code execution by an unauthenticated attacker who can get a user to load crafted web content, posing a severe threat to affected endpoints.
Vulnerability
This vulnerability is caused by a JIT (Just-In-Time) miscompilation within the JavaScript engine. Crafted JavaScript served to the victim triggers the miscompilation, breaking the type and memory-safety assumptions the engine relies on and giving an unauthenticated attacker a path to remote code execution. Because Thunderbird shares the engine, it is affected as well; as with other script-engine bugs in Thunderbird, the realistic trigger is browser-like content (feeds, embedded web pages) rather than mail, since scripting is disabled when reading messages.
Business impact
Successful exploitation gives the attacker code execution inside the browser's content process, running as the logged-in user. On current Firefox that process is sandboxed, so turning this into full control of the host generally requires chaining a second, sandbox-escape bug; even without one, the attacker can act on any site or data the browser session can reach and has a foothold for unauthorized data access and lateral movement within the corporate network. The CVSS score of 9.8 reflects a critical risk level: the vulnerability is exploitable over the network without privileges, and the only user action needed is loading attacker-controlled content, whether a malicious or compromised site or an ad or iframe embedded in a legitimate one.
Remediation
Immediate Action: Update all Mozilla Firefox instances to the patched releases (Firefox 149 / ESR 140.9) and all Thunderbird instances to the matching patched Thunderbird release immediately. Thunderbird is frequently missed by browser-focused patch tracking, so verify it explicitly.
Proactive Monitoring: Watch for unusual network traffic originating from browser processes, and treat unexpected crashes of browser content processes as possible failed exploit attempts. Crash sources worth collecting are Firefox's own crash reports (about:crashes), Windows Application log Event ID 1000 entries for firefox.exe or thunderbird.exe, and coredumpctl or systemd crash records on Linux. A cluster of crashes on one host or shortly after visiting the same site is the signal to escalate.
Compensating Controls: Use application control policies to restrict the execution of unauthorized programs and scripts on endpoint devices. Note that application control blocks payloads dropped to disk but does nothing against code already running inside the trusted browser process, so it limits post-exploitation rather than exploitation. Where patching is delayed, the JIT compilers can be taken out of the execution path by setting javascript.options.ion and javascript.options.baselinejit to false through a managed user.js or autoconfig file; this forces interpreter-only execution at a noticeable performance cost and is a stopgap, not a substitute for the update.
Exploitation status
Public Exploit Available: No
Analyst recommendation
The potential for unauthenticated remote code execution from ordinary web browsing makes this a high-priority item for security teams, even though no public exploit has been reported. Organizations should confirm that browser update mechanisms are functioning correctly, reconcile installed versions against the fixed releases rather than trusting that auto-update ran, and cover both the release and ESR branches as well as Thunderbird.
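As an added example (not part of this advisory and not Mozilla tooling), the following Python script classifies reported Firefox version strings against the fixed releases named above: 149 on the release branch and 140.9 on ESR. The point it makes is that a plain numeric comparison is wrong here, because an ESR build such as 140.9.0esr is fixed while a release-branch 140.0 is not, and beta or nightly builds cannot be classified from the version number alone and should be flagged for review. The inventory lines are constructed sample data; the host names and the "host,version" layout are assumptions about how a fleet export might look. Thunderbird's fixed build is not stated on this page, so it is not encoded.

```python
import re

# Fixed releases as stated in this advisory. Thunderbird's fixed build is not
# given on the page, so only Firefox is encoded here.
FIREFOX_RELEASE_FIXED = (149, 0, 0)
FIREFOX_ESR_FIXED = (140, 9, 0)

# Matches "148.0.2", "149.0", "140.9.0esr" and pre-release forms like "149.0b2".
VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?([A-Za-z]+\d*)?")


def parse_version(text):
    """Extract (major, minor, patch, suffix) from a string such as
    'Mozilla Firefox 148.0.2'. Returns None when no version is present."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch, suffix = m.groups()
    return (int(major), int(minor), int(patch or 0), (suffix or "").lower())


def is_patched(text):
    """True if the reported build is at or above the fixed release on its own
    branch, False if it is below, None if it cannot be classified (unparseable,
    or a beta/nightly build that must be checked by hand)."""
    parsed = parse_version(text)
    if parsed is None:
        return None
    major, minor, patch, suffix = parsed
    version = (major, minor, patch)
    if suffix.startswith("esr"):
        # ESR is its own branch: 140.9.0esr is fixed even though 140 < 149.
        return version >= FIREFOX_ESR_FIXED
    if suffix:
        # "a1"/"b2" builds: the version number alone does not say whether the
        # fix landed, so hand these back for manual review.
        return None
    return version >= FIREFOX_RELEASE_FIXED


# Constructed sample export (hypothetical hosts and strings, not real data).
INVENTORY = """\
ws-01,Mozilla Firefox 148.0.2
ws-02,Mozilla Firefox 149.0
ws-03,Mozilla Firefox 140.8.0esr
ws-04,Mozilla Firefox 140.9.0esr
ws-05,Mozilla Firefox 140.0
ws-06,Mozilla Firefox 149.0b2
ws-07,not installed
"""

VERDICTS = {True: "patched", False: "vulnerable", None: "review"}


def triage(inventory):
    """Classify each 'host,version' line; returns {host: verdict}."""
    results = {}
    for line in inventory.strip().splitlines():
        host, _, reported = line.partition(",")
        results[host.strip()] = VERDICTS[is_patched(reported)]
    return results


if __name__ == "__main__":
    for host, verdict in sorted(triage(INVENTORY).items()):
        print(f"{host}: {verdict}")
```

In practice the reported string would come from `firefox --version` or the endpoint agent's software inventory; the script only replaces the comparison step, which is where branch confusion usually creeps in.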