Mozilla Firefox vulnerabilities

CVE-2026-5734 [CRITICAL] CWE-787 CVE-2026-5734: Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thun Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 149.0.2, Firefox ESR < 140.9.1, Thunder

CVE-2026-5735 [CRITICAL] CWE-787 CVE-2026-5735: Memory safety bugs present in Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evi Memory safety bugs present in Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 149.0.2 and Thunderbird < 149.0.2.

CVE-2026-5731 [CRITICAL] CWE-119 CVE-2026-5731: Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Fi Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 149.0.2, Firefox

CVE-2026-5732 [HIGH] CWE-190 CVE-2026-5732: Incorrect boundary conditions, integer overflow in the Graphics: Text component. This vulnerability Incorrect boundary conditions, integer overflow in the Graphics: Text component. This vulnerability affects Firefox < 149.0.2, Firefox ESR < 140.9.1, Thunderbird < 149.0.2, and Thunderbird < 140.9.1.

CVE-2026-5733 [HIGH] CWE-119 CVE-2026-5733: Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox < 149.0.2 and Thunderbird < 149.0.2.

CVE-2026-4711 [CRITICAL] CWE-416 CVE-2026-4711: Use-after-free in the Widget: Cocoa component. This vulnerability affects Firefox < 149, Firefox ESR Use-after-free in the Widget: Cocoa component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

CVE-2026-4701 [CRITICAL] CWE-416 CVE-2026-4701: Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 149, Firefox Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

CVE-2026-4725 [CRITICAL] CWE-416 CVE-2026-4725: Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability affects Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149 and Thunderbird < 149.

CVE-2026-4710 [CRITICAL] CWE-119 CVE-2026-4710: Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox < 149 Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

CVE-2026-4689 [CRITICAL] CWE-190 CVE-2026-4689: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This v Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

CVE-2026-4688 [CRITICAL] CWE-416 CVE-2026-4688: Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability aff Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

CVE-2026-4721 [CRITICAL] CWE-120 CVE-2026-4721: Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firef

CVE-2026-4702 [CRITICAL] CWE-843 CVE-2026-4702: JIT miscompilation in the JavaScript Engine component. This vulnerability affects Firefox < 149, Fir JIT miscompilation in the JavaScript Engine component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

CVE-2026-4729 [CRITICAL] CWE-120 CVE-2026-4729: Memory safety bugs present in Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of Memory safety bugs present in Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 149 and Thunderbird < 149.

CVE-2026-4715 [CRITICAL] CWE-908 CVE-2026-4715: Uninitialized memory in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Uninitialized memory in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

CVE-2026-4692 [CRITICAL] CVE-2026-4692: Sandbox escape in the Responsive Design Mode component. This vulnerability affects Firefox < 149, Fi Sandbox escape in the Responsive Design Mode component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

CVE-2026-4720 [CRITICAL] CWE-120 CVE-2026-4720: Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thu

CVE-2026-4705 [CRITICAL] CWE-758 CVE-2026-4705: Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox < 149, Fir Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

CVE-2026-4724 [CRITICAL] CWE-758 CVE-2026-4724: Undefined behavior in the Audio/Video component. This vulnerability affects Firefox < 149 and Thunde Undefined behavior in the Audio/Video component. This vulnerability affects Firefox < 149 and Thunderbird < 149.

CVE-2026-4723 [CRITICAL] CWE-416 CVE-2026-4723: Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 149 and Thun Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 149 and Thunderbird < 149.