A critical vulnerability involving undefined behavior in the WebRTC: Signaling component of Mozilla Firefox and Thunderbird could lead to remote code execution.

The vulnerability stems from undefined behavior within the WebRTC: Signaling component. This type of flaw can be triggered by unauthenticated remote attackers to cause memory corruption or unpredictable application states.

WebRTC vulnerabilities are particularly dangerous as they can often be triggered through malicious websites or malicious peer-to-peer connections. With a CVSS score of 9.8, this vulnerability poses a severe risk of remote code execution, which could result in the theft of sensitive session data or the compromise of the user's workstation.

Immediate Action: Update all Mozilla Firefox and Thunderbird installations to the latest versions (149 or 140.9 ESR) to resolve the undefined behavior in WebRTC.

Proactive Monitoring: Review logs for unusual WebRTC connection attempts or frequent crashes of the browser process during media sessions.

Compensating Controls: Implement browser isolation technologies or restrict WebRTC functionality via Group Policy if real-time communication is not required for certain user groups.

Public Exploit Available: Unknown

Undefined behavior in core communication components often provides a reliable pathway for remote exploitation. Immediate patching is the only effective way to ensure that users are protected from malicious actors who might target WebRTC signaling to gain unauthorized access.