Mozilla Firefox Esr vulnerabilities

CVE-2026-5734 [CRITICAL] CWE-787 CVE-2026-5734: Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thun Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 149.0.2, Firefox ESR < 140.9.1, Thunder

CVE-2026-5731 [CRITICAL] CWE-119 CVE-2026-5731: Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Fi Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 149.0.2, Firefox

CVE-2026-5732 [HIGH] CWE-190 CVE-2026-5732: Incorrect boundary conditions, integer overflow in the Graphics: Text component. This vulnerability Incorrect boundary conditions, integer overflow in the Graphics: Text component. This vulnerability affects Firefox < 149.0.2, Firefox ESR < 140.9.1, Thunderbird < 149.0.2, and Thunderbird < 140.9.1.

CVE-2026-4711 [CRITICAL] CWE-416 CVE-2026-4711: Use-after-free in the Widget: Cocoa component. This vulnerability affects Firefox < 149, Firefox ESR Use-after-free in the Widget: Cocoa component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

CVE-2026-4701 [CRITICAL] CWE-416 CVE-2026-4701: Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 149, Firefox Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

CVE-2026-4710 [CRITICAL] CWE-119 CVE-2026-4710: Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox < 149 Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

CVE-2026-4689 [CRITICAL] CWE-190 CVE-2026-4689: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This v Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

CVE-2026-4688 [CRITICAL] CWE-416 CVE-2026-4688: Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability aff Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

CVE-2026-4721 [CRITICAL] CWE-120 CVE-2026-4721: Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firef

CVE-2026-4702 [CRITICAL] CWE-843 CVE-2026-4702: JIT miscompilation in the JavaScript Engine component. This vulnerability affects Firefox < 149, Fir JIT miscompilation in the JavaScript Engine component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

CVE-2026-4715 [CRITICAL] CWE-908 CVE-2026-4715: Uninitialized memory in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Uninitialized memory in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

CVE-2026-4692 [CRITICAL] CVE-2026-4692: Sandbox escape in the Responsive Design Mode component. This vulnerability affects Firefox < 149, Fi Sandbox escape in the Responsive Design Mode component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

CVE-2026-4720 [CRITICAL] CWE-120 CVE-2026-4720: Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thu

CVE-2026-4705 [CRITICAL] CWE-758 CVE-2026-4705: Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox < 149, Fir Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

CVE-2026-4691 [CRITICAL] CWE-416 CVE-2026-4691: Use-after-free in the CSS Parsing and Computation component. This vulnerability affects Firefox < 14 Use-after-free in the CSS Parsing and Computation component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

CVE-2026-4700 [CRITICAL] CWE-288 CVE-2026-4700: Mitigation bypass in the Networking: HTTP component. This vulnerability affects Firefox < 149, Firef Mitigation bypass in the Networking: HTTP component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

CVE-2026-4696 [CRITICAL] CWE-416 CVE-2026-4696: Use-after-free in the Layout: Text and Fonts component. This vulnerability affects Firefox < 149, Fi Use-after-free in the Layout: Text and Fonts component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

CVE-2026-4698 [CRITICAL] CWE-843 CVE-2026-4698: JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 149 JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

CVE-2026-4717 [CRITICAL] CVE-2026-4717: Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 149, Firefox Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

CVE-2026-4716 [CRITICAL] CWE-908 CVE-2026-4716: Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component. This vulnera Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.