CVE-2026-7322Out-of-bounds Write in Mozilla Firefox

8 documents3 sources
Severity
7.3HIGHNVD
EPSS
0.0%
top 88.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla FirefoxMozilla Firefox ESRMozilla Thunderbird
Timeline
PublishedApr 28

Description

Memory safety bugs present in Firefox ESR 115.35.0, Firefox ESR 140.10.0 and Firefox 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, and Firefox ESR 115.35.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 3.9 | Impact: 3.4

Affected Packages3 packages

Mozillamozilla/firefox< Firefox 150.0.1
Mozillamozilla/firefox_esr< Firefox ESR 115.35.1+1
Mozillamozilla/thunderbird< Thunderbird 140.10.1+1

🔴Vulnerability Details

2
VulDB
Mozilla Thunderbird up to 150.0.0 memory corruption2026-04-28
VulDB
Mozilla Firefox up to 150.0.0 memory corruption2026-04-28

📋Vendor Advisories

5
Mozilla
Mozilla Foundation Security Advisory 2026-39: CVE-2026-7322
Mozilla
Mozilla Foundation Security Advisory 2026-38: CVE-2026-7322
Mozilla
Mozilla Foundation Security Advisory 2026-35: CVE-2026-7322
Mozilla
Mozilla Foundation Security Advisory 2026-37: CVE-2026-7322
Mozilla
Mozilla Foundation Security Advisory 2026-36: CVE-2026-7322
CVE-2026-7322 — Out-of-bounds Write in Mozilla Firefox | cvebase