CVE-2026-4725

Mozilla · Firefox and Thunderbird

A use-after-free vulnerability in the Graphics: Canvas2D component of Mozilla Firefox and Thunderbird enables a critical sandbox escape.

Executive summary

A critical sandbox escape vulnerability in Mozilla Firefox and Thunderbird could allow an attacker to execute arbitrary code outside of the browser's security boundaries.

Vulnerability

This is a use-after-free vulnerability residing in the Graphics: Canvas2D component. It allows an unauthenticated remote attacker to escape the application sandbox by manipulating memory after it has been freed.

Business impact

A sandbox escape is one of the most severe types of browser vulnerabilities, as it allows malicious code to interact directly with the underlying operating system. With a CVSS score of 10.0, this flaw represents the maximum possible risk to the organization, potentially leading to full host takeover, persistent malware installation, and total loss of data confidentiality.

Remediation

Immediate Action: Update all installations of Mozilla Firefox and Thunderbird to version 149 or later to patch the use-after-free flaw.

Proactive Monitoring: Implement advanced endpoint detection and response (EDR) rules to identify unusual child processes being spawned by browser or email client executables.

Compensating Controls: Restrict user permissions on workstations to prevent the installation of persistent threats even if a sandbox escape occurs.
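
The Proactive Monitoring item above can be prototyped offline before it is encoded as an EDR rule. The following is an added example, not part of the original advisory; the field names follow Sysmon process-creation events, and the sample events, host names, and child-process allowlist are constructed assumptions to be tuned per fleet.

```python
import json
from pathlib import PureWindowsPath

# Parent executables named in the advisory's monitoring guidance.
WATCHED_PARENTS = {"firefox.exe", "thunderbird.exe"}
# Assumed baseline of normal children; tune against your own telemetry.
EXPECTED_CHILDREN = {"firefox.exe", "thunderbird.exe", "crashreporter.exe",
                     "updater.exe", "pingsender.exe", "plugin-container.exe"}

# Constructed sample events (Sysmon-style process-creation field names).
SAMPLE_EVENTS = r"""
{"Host":"ws-01","ParentImage":"C:\\Program Files\\Mozilla Firefox\\firefox.exe","Image":"C:\\Program Files\\Mozilla Firefox\\firefox.exe"}
{"Host":"ws-02","ParentImage":"C:\\Program Files\\Mozilla Firefox\\firefox.exe","Image":"C:\\Windows\\System32\\cmd.exe"}
{"Host":"ws-03","ParentImage":"C:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe","Image":"C:\\Users\\Public\\updater.exe"}
{"Host":"ws-04","ParentImage":"C:\\Windows\\explorer.exe","Image":"C:\\Windows\\System32\\cmd.exe"}
not-json
"""

def classify(event):
    """Return a reason string for a suspicious event, else None."""
    parent = PureWindowsPath(event["ParentImage"])
    child = PureWindowsPath(event["Image"])
    if parent.name.lower() not in WATCHED_PARENTS:
        return None
    if child.name.lower() not in EXPECTED_CHILDREN:
        return "unexpected-child"
    # An allowed name launched from outside the parent's install directory
    # is treated as masquerading (assumption: helpers live beside the parent).
    if child.parent != parent.parent:
        return "expected-name-wrong-path"
    return None

def find_suspicious(raw):
    findings = []
    for line in filter(None, map(str.strip, raw.splitlines())):
        try:
            event = json.loads(line)
            reason = classify(event)
        except (json.JSONDecodeError, KeyError, TypeError):
            continue  # skip malformed or incomplete records
        if reason:
            child = PureWindowsPath(event["Image"]).name.lower()
            findings.append((event.get("Host"), reason, child))
    return findings

if __name__ == "__main__":
    for host, reason, child in find_suspicious(SAMPLE_EVENTS):
        print(f"{host}: {reason}: {child}")
```

Checking the child's directory as well as its name keeps a binary that merely reuses an allowlisted file name from passing the rule.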

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

The severity of a sandbox escape cannot be overstated, as it renders the primary security mechanism of the browser ineffective. Organizations must prioritize the deployment of these updates across all endpoints immediately to mitigate the risk of a complete system breach.