critical advisory March 25, 2026

Firefox and Thunderbird Memory Safety Vulnerability (CVE-2026-4720)

A memory safety vulnerability (CVE-2026-4720) in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 could lead to memory corruption and potential arbitrary code execution if successfully exploited.

A critical memory safety vulnerability, tracked as CVE-2026-4720, affects Mozilla Firefox and Thunderbird. Specifically, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148, and Thunderbird 148 are vulnerable. The identified memory safety bugs exhibit evidence of memory corruption, suggesting that with sufficient effort, attackers could exploit these vulnerabilities to execute arbitrary code on affected systems. Users of Firefox versions prior to 149, Firefox ESR versions prior to 140.9…

Detection coverage 2

Detect Firefox Thunderbird Memory Safety Exploitation

high

Detects potential exploitation attempts of memory safety vulnerabilities in Firefox and Thunderbird by monitoring for unexpected child processes.

sigma tactics: execution techniques: T1059.001, T1204.002 sources: process_creation, windows

Detect Firefox Thunderbird Network Connection to Suspicious Domains

medium

Detects potential exploitation attempts of memory safety vulnerabilities in Firefox and Thunderbird by monitoring for connections to unusual TLDs.

sigma tactics: command_and_control techniques: T1071.001 sources: network_connection, windows

Detection queries are kept inside the platform. Get full rules →

Detection coverage 2

Indicators of compromise