CVE-2026-4723

Mozilla · Firefox and Thunderbird

A use-after-free vulnerability in the JavaScript Engine of Mozilla Firefox and Thunderbird allows for critical remote code execution.

Executive summary

Mozilla Firefox and Thunderbird contain a critical use-after-free vulnerability in their JavaScript Engine that enables unauthenticated remote code execution.

Vulnerability

This use-after-free (UAF) vulnerability is located within the core JavaScript Engine. It allows an unauthenticated attacker to manipulate memory objects via malicious scripts, resulting in the execution of arbitrary code on the victim's machine.

Business impact

This vulnerability poses a severe risk to data confidentiality and system availability. An attacker who successfully exploits this flaw can gain complete control over the user's browser session and the underlying operating system. The CVSS score of 9.8 reflects the high severity and the critical need for immediate remediation.

Remediation

Immediate Action: Update Firefox and Thunderbird to version 149 or higher to resolve this memory corruption issue.

Proactive Monitoring: Monitor for unexpected browser crashes and use EDR tools to detect shellcode execution or other indicators of browser-based attacks.

Compensating Controls: Utilize web filtering to block access to high-risk or uncategorized websites that may host malicious JavaScript.

Exploitation status

Public Exploit Available: No

Analyst recommendation

The criticality of this vulnerability necessitates immediate action. We recommend that IT administrators prioritize the deployment of the latest Mozilla updates to all endpoints to prevent unauthenticated remote code execution.