Firefox

A vulnerability in Firefox for iOS versions prior to 151.1 allows an attacker to bypass the security policy (CVE-2026-9078).

Multiple vulnerabilities in Mozilla Firefox, Firefox ESR, and Thunderbird could allow a remote attacker to execute arbitrary code, disclose information, bypass security restrictions, deceive the user, escalate privileges, or cause a denial-of-service condition.

Multiple vulnerabilities exist in Mozilla Firefox, Firefox ESR, and Thunderbird that could allow a remote attacker to execute arbitrary code, disclose sensitive information, bypass security measures, or conduct cross-site scripting or spoofing attacks.

Mozilla released security updates on May 19, 2026, addressing vulnerabilities in Firefox versions prior to 151, Firefox ESR versions prior to 115.36, and Firefox ESR versions prior to 140.11.

Mozilla released security updates to address vulnerabilities in Firefox and Firefox ESR versions, potentially allowing for exploitation if left unpatched.

Mozilla released a security advisory addressing vulnerabilities in Firefox and Firefox ESR versions prior to 150.0.1, 140.10.1, and 115.35.1, potentially leading to arbitrary code execution or information disclosure.

Firefox 148 and Thunderbird 148 contain memory safety bugs that could potentially be exploited to execute arbitrary code, impacting versions prior to 149.

A memory safety vulnerability (CVE-2026-4720) in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 could lead to memory corruption and potential arbitrary code execution if successfully exploited.

A use-after-free vulnerability, CVE-2026-4723, in the JavaScript Engine of Mozilla Firefox and Thunderbird before version 149 could allow arbitrary code execution if successfully exploited by an attacker.

A use-after-free vulnerability in the Canvas2D component of Mozilla Firefox and Thunderbird versions before 149 allows for a potential sandbox escape.

CVE-2026-4715 is a critical vulnerability involving uninitialized memory in the Graphics: Canvas2D component of Firefox, Firefox ESR, and Thunderbird, potentially leading to information disclosure or arbitrary code execution.

CVE-2026-4719 describes an incorrect boundary condition in the Graphics: Text component of Mozilla Firefox and Thunderbird, potentially leading to a denial-of-service condition in vulnerable versions.

CVE-2026-4717 is a critical privilege escalation vulnerability in the Netmonitor component of Firefox, Firefox ESR, and Thunderbird, potentially allowing an attacker to gain elevated privileges on a vulnerable system.

CVE-2026-4704 is a denial-of-service vulnerability in the WebRTC Signaling component affecting Firefox, Firefox ESR, and Thunderbird, potentially disrupting service availability.

CVE-2026-4700 is a critical vulnerability in the Networking: HTTP component of Firefox, Firefox ESR, and Thunderbird, allowing a mitigation bypass in versions prior to Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

An incorrect boundary condition in the Audio/Video Web Codecs component in Mozilla Firefox and Thunderbird (CVE-2026-4695) could lead to a denial-of-service (DoS) condition due to a vulnerability that affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

CVE-2026-4697 is a denial-of-service vulnerability due to incorrect boundary conditions in the Audio/Video Web Codecs component of Mozilla Firefox and Thunderbird, potentially leading to application crashes.

CVE-2026-4693 is a vulnerability due to incorrect boundary conditions in the Audio/Video: Playback component of Mozilla Firefox and Thunderbird, potentially leading to a denial-of-service condition.

A critical JIT miscompilation vulnerability (CVE-2026-4698) in the JavaScript engine affects Firefox and Thunderbird, potentially leading to remote code execution.

An improper boundary condition vulnerability in the Canvas2D component of Mozilla Firefox, Firefox ESR, and Thunderbird (CVE-2026-4685) could allow for a denial-of-service condition.

CVE-2026-4687 is a sandbox escape vulnerability in Firefox and Thunderbird due to incorrect boundary conditions in the Telemetry component, potentially allowing an attacker to execute arbitrary code outside the sandbox.

A Firefox 0-day exploit was used to target Mac users, dropping a second backdoor identified as a new variant of the cross-platform Mokes malware (OSX.Mokes.B) with screen capture, audio capture, and document exfiltration capabilities.

This analytic detects non-Firefox processes accessing the Firefox profile directory, potentially indicating malware attempting to harvest sensitive user data like login credentials, browsing history, and cookies.