Mozilla Used Anthropic’s Mythos to Find and Fix 271 Bugs in Firefox

The Firefox team doesn’t think emerging AI capabilities will upend cybersecurity long term, but they warn that software developers are likely in for a rocky transition...

thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of...

CVE-2026-6784

Memory safety bugs present in Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150 and Thunderbird 150...

CVE-2026-6784

Memory safety bugs present in Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150 and Thunderbird 150...

CVE-2026-6786

CVE-2026-6786 refers to memory-safety bugs in Mozilla products (Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149, Thunderbird 149) with evidence of memory corruption. The description notes that some bugs could be exploited to run arbitrary code, and the fixes are implemented in Firefox 150, ...

CVE-2026-6785 Memory safety bugs fixed in Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150

Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This...

CVE-2026-6784 Memory safety bugs fixed in Firefox 150 and Thunderbird 150

Memory safety bugs present in Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150 and Thunderbird 150...

CVE-2026-6785

Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This...

MGASA-2026-0106 Updated firefox & thunderbird packages fix security vulnerabilities

Memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2. CVE-2026-5731 Incorrect boundary conditions, integer overflow in the Graphics: Text component. CVE-2026-5732 Memory safety bugs fixed in Firefox ESR 140.9.1,...

Mozilla Firefox ESR < 140.10

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 140.10. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-32 advisory. - Memory safety bugs present in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149...

Security Vulnerabilities fixed in Thunderbird 150 — Mozilla

Memory safety bugs present in Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9,...

Mozilla Firefox ESR < 140.10

The version of Firefox ESR installed on the remote Windows host is prior to 140.10. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-32 advisory. - Memory safety bugs present in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of...

Mozilla Firefox ESR < 115.35

The version of Firefox ESR installed on the remote Windows host is prior to 115.35. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-31 advisory. - Integer overflow in the Libraries component in NSS. This vulnerability was fixed in Firefox 148, Firefox ESR 140....

Mozilla Firefox < 150.0

The version of Firefox installed on the remote Windows host is prior to 150.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-30 advisory. - Incorrect boundary conditions, integer overflow in the Audio/Video: Playback component. This vulnerability was fixed i...

Security Vulnerabilities fixed in Firefox ESR 140.10 — Mozilla

Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Memory safety...

PT-2026-33970

Name of the Vulnerable Software and Affected Versions Firefox version 149 Thunderbird version 149 Description Memory safety bugs exist that show evidence of memory corruption, which could potentially be exploited to execute arbitrary code. Recommendations Update Firefox to version 150. Update...

Security Vulnerabilities fixed in Firefox 150 — Mozilla

Memory safety bugs present in Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9,...

MiracleLinux 8 : firefox-140.9.1-1.el8_10.ML.1 (AXSA:2026-480:08)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2026-480:08 advisory. libpng: libpng: Arbitrary code execution due to use-after-free vulnerability CVE-2026-33416 libpng: libpng: Information disclosure and denial of...

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: libpng: libpng: Arbitrary code execution due to use-after-free vulnerability CVE-2026-33416 libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion...

ALSA-2026:9345 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: libpng: libpng: Arbitrary code execution due to use-after-free vulnerability CVE-2026-33416 libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion...