Mozilla Firefox ESR < 140.10

🗓️ 21 Apr 2026 00:00:00Reported by TenableType

Firefox before 140.10 on macOS has memory safety bugs risking code execution.

Reporter	Title	Published	Views	Family All 1500
FreeBSD	Mozilla -- Privilege escalation in the Debugger component	21 Apr 202600:00	–	freebsd
FreeBSD	Mozilla -- Other issue in the Storage: IndexedDB component	21 Apr 202600:00	–	freebsd
FreeBSD	Mozilla -- Mitigation bypass	21 Apr 202600:00	–	freebsd
FreeBSD	Mozilla -- Incorrect boundary conditions	21 Apr 202600:00	–	freebsd
FreeBSD	firefox -- Use-after-free	21 Apr 202600:00	–	freebsd
FreeBSD	Mozilla -- Incorrect boundary conditions	21 Apr 202600:00	–	freebsd
FreeBSD	Mozilla -- Use-after-free	21 Apr 202600:00	–	freebsd
FreeBSD	Mozilla -- Uninitialized memory	21 Apr 202600:00	–	freebsd
FreeBSD	Mozilla -- Information disclosure	21 Apr 202600:00	–	freebsd
FreeBSD	Mozilla -- Privilege escalation	21 Apr 202600:00	–	freebsd

Source	Link
mozilla	www.mozilla.org/en-US/security/advisories/mfsa2026-32/
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
## 
# (C) Tenable, Inc.
#                                  
# The descriptive text and package checks in this plugin were
# extracted from Mozilla Foundation Security Advisory mfsa2026-32.
# The text itself is copyright (C) Mozilla Foundation.
##

include('compat.inc');

if (description)
{
  script_id(307897);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/05/01");

  script_cve_id(
    "CVE-2026-6746",
    "CVE-2026-6747",
    "CVE-2026-6748",
    "CVE-2026-6749",
    "CVE-2026-6750",
    "CVE-2026-6751",
    "CVE-2026-6752",
    "CVE-2026-6753",
    "CVE-2026-6754",
    "CVE-2026-6757",
    "CVE-2026-6759",
    "CVE-2026-6761",
    "CVE-2026-6762",
    "CVE-2026-6763",
    "CVE-2026-6764",
    "CVE-2026-6765",
    "CVE-2026-6766",
    "CVE-2026-6767",
    "CVE-2026-6769",
    "CVE-2026-6770",
    "CVE-2026-6771",
    "CVE-2026-6772",
    "CVE-2026-6776",
    "CVE-2026-6785",
    "CVE-2026-6786"
  );

  script_name(english:"Mozilla Firefox ESR < 140.10");

  script_set_attribute(attribute:"synopsis", value:
"A web browser installed on the remote macOS or Mac OS X host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 140.10. It is, therefore, affected
by multiple vulnerabilities as referenced in the mfsa2026-32 advisory.

  - Memory safety bugs present in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149.
    Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of
    these could have been exploited to run arbitrary code. (CVE-2026-6786)

  - Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149
    and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with
    enough effort some of these could have been exploited to run arbitrary code. (CVE-2026-6785)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2026-32/");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Mozilla Firefox ESR version 140.10 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-6786");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2026-6771");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2026/04/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/04/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/04/21");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:mozilla:firefox_esr");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("macosx_firefox_installed.nasl");
  script_require_keys("installed_sw/Mozilla Firefox ESR");

  exit(0);
}

include('vdf.inc');

# @tvdl-content-verify-only
var vuln_data = {
  "metadata": {
    "spec_version": "1.0"
  },
  "requires": [
    {
      "scope": "target",
      "match": {
        "os": "macos"
      }
    }
  ],
  "checks": [
    {
      "product": {
        "name": "Mozilla Firefox ESR",
        "type": "app"
      },
      "check_algorithm": "default",
      "constraints": [
        {
          "min_version": "140.0.0",
          "fixed_version": "140.10"
        }
      ]
    }
  ]
};

var vdf_result = vdf::check_and_report(vuln_data:vuln_data, severity:SECURITY_HOLE);
vdf::handle_check_and_report_errors(vdf_result:vdf_result);

01 May 2026 00:00Current

6Medium risk

Vulners AI Score6

CVSS 3.19.8

EPSS0.04938

SSVC