Skip to content
Threat Feed
medium advisory

Mozilla Firefox Multiple Vulnerabilities

Mozilla released a security advisory addressing vulnerabilities in Firefox and Firefox ESR versions prior to 150.0.1, 140.10.1, and 115.35.1, potentially leading to arbitrary code execution or information disclosure.

On April 28, 2026, Mozilla published a security advisory (AV26-401) addressing multiple vulnerabilities in Firefox and Firefox ESR. The affected products include Firefox versions prior to 150.0.1, Firefox ESR versions prior to 140.10.1, and Firefox ESR versions prior to 115.35.1. Successful exploitation of these vulnerabilities could lead to arbitrary code execution, information disclosure, or denial-of-service. The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates to mitigate the risks associated with these vulnerabilities. These vulnerabilities could be exploited by attackers to compromise user systems.

Attack Chain

  1. An attacker crafts a malicious webpage or injects malicious code into a trusted website.
  2. A user visits the malicious website or a compromised trusted website using a vulnerable version of Firefox.
  3. The browser parses the malicious HTML/JavaScript code.
  4. One of the vulnerabilities (memory corruption, use-after-free, etc.) is triggered during the parsing or rendering process.
  5. The attacker gains control of the browser process.
  6. The attacker leverages the gained control to execute arbitrary code on the user’s system.
  7. The attacker installs malware, such as a keylogger or remote access trojan (RAT).
  8. The attacker performs malicious activities, such as stealing sensitive data or establishing a command and control channel.

Impact

Successful exploitation of these vulnerabilities could lead to arbitrary code execution, potentially allowing an attacker to gain control of the affected system. This can lead to data theft, malware installation, and further compromise of the network. The scope of impact depends on the privileges of the user running the vulnerable Firefox version. Since Firefox is a widely used browser, a large number of users are potentially at risk if they do not apply the necessary updates.

Recommendation

Detection coverage 2

Detect Firefox Process Launching Suspicious Child Process

high

Detects Firefox launching a suspicious child process, which could indicate exploitation or malware activity.

sigma tactics: execution techniques: T1059.001 sources: process_creation, windows

Detect Firefox Network Connection to Non-Standard Ports

medium

Detects Firefox making network connections to non-standard ports, which could indicate C2 activity after exploitation.

sigma tactics: command_and_control techniques: T1071.001 sources: network_connection, windows

Detection queries are available on the platform. Get full rules →