Firefox

Firefox 148 and Thunderbird 148 contain memory safety bugs that could potentially be exploited to execute arbitrary code, impacting versions prior to 149.

A memory safety vulnerability (CVE-2026-4720) in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 could lead to memory corruption and potential arbitrary code execution if successfully exploited.

A use-after-free vulnerability, CVE-2026-4723, in the JavaScript Engine of Mozilla Firefox and Thunderbird before version 149 could allow arbitrary code execution if successfully exploited by an attacker.

A use-after-free vulnerability in the Canvas2D component of Mozilla Firefox and Thunderbird versions before 149 allows for a potential sandbox escape.

CVE-2026-4715 is a critical vulnerability involving uninitialized memory in the Graphics: Canvas2D component of Firefox, Firefox ESR, and Thunderbird, potentially leading to information disclosure or arbitrary code execution.

CVE-2026-4719 describes an incorrect boundary condition in the Graphics: Text component of Mozilla Firefox and Thunderbird, potentially leading to a denial-of-service condition in vulnerable versions.

CVE-2026-4717 is a critical privilege escalation vulnerability in the Netmonitor component of Firefox, Firefox ESR, and Thunderbird, potentially allowing an attacker to gain elevated privileges on a vulnerable system.

CVE-2026-4704 is a denial-of-service vulnerability in the WebRTC Signaling component affecting Firefox, Firefox ESR, and Thunderbird, potentially disrupting service availability.

CVE-2026-4700 is a critical vulnerability in the Networking: HTTP component of Firefox, Firefox ESR, and Thunderbird, allowing a mitigation bypass in versions prior to Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

An incorrect boundary condition in the Audio/Video Web Codecs component in Mozilla Firefox and Thunderbird (CVE-2026-4695) could lead to a denial-of-service (DoS) condition due to a vulnerability that affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

CVE-2026-4697 is a denial-of-service vulnerability due to incorrect boundary conditions in the Audio/Video Web Codecs component of Mozilla Firefox and Thunderbird, potentially leading to application crashes.

CVE-2026-4693 is a vulnerability due to incorrect boundary conditions in the Audio/Video: Playback component of Mozilla Firefox and Thunderbird, potentially leading to a denial-of-service condition.

A critical JIT miscompilation vulnerability (CVE-2026-4698) in the JavaScript engine affects Firefox and Thunderbird, potentially leading to remote code execution.

An improper boundary condition vulnerability in the Canvas2D component of Mozilla Firefox, Firefox ESR, and Thunderbird (CVE-2026-4685) could allow for a denial-of-service condition.

CVE-2026-4687 is a sandbox escape vulnerability in Firefox and Thunderbird due to incorrect boundary conditions in the Telemetry component, potentially allowing an attacker to execute arbitrary code outside the sandbox.

This analytic detects non-Firefox processes accessing the Firefox profile directory, potentially indicating malware attempting to harvest sensitive user data like login credentials, browsing history, and cookies.