17 matches found
EUVD-2026-37098
Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12...
CVE-2026-12295
CVE-2026-12295 describes a sandbox escape in the DOM: Navigation component affecting Mozilla Firefox and Thunderbird. The vulnerability is fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. The entry lists a CVSS v3.1 base score of 9.6 (CRITICAL...
CVE-2026-12289
CVE-2026-12289 describes a privilege-escalation vulnerability in the Graphics: WebRender component. The public description and connected advisories indicate this affects Mozilla Firefox and Thunderbird products, with fixes shipped in: Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbi...
PT-2026-49682
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 152 Firefox ESR versions prior to 140.12 Thunderbird versions prior to 152 Thunderbird versions prior to 140.12 Description An information disclosure and sandbox escape issue exists within the Security: Process...
CVE-2026-8953 Sandbox escape due to use-after-free in the Disability Access APIs component
Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...
EUVD-2026-24098
Invalid pointer in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150 and Firefox ESR 140.10...
EUVD-2026-24103
Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, and Firefox ESR 140.10...
EUVD-2026-24088
Use-after-free in the WebRTC component. This vulnerability was fixed in Firefox 150 and Firefox ESR 140.10...
CVE-2026-6781
Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150...
CVE-2026-6774 Mitigation bypass in the DOM: Security component
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150 and Thunderbird 150...
CVE-2026-6755 Mitigation bypass in the DOM: postMessage component
Mitigation bypass in the DOM: postMessage component. This vulnerability was fixed in Firefox 150 and Thunderbird 150...
CVE-2026-6755 Mitigation bypass in the DOM: postMessage component
Mitigation bypass in the DOM: postMessage component. This vulnerability was fixed in Firefox 150 and Thunderbird 150...
CVE-2026-6754 Use-after-free in the JavaScript Engine component
Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...
CVE-2026-6754
CVE-2026-6754 is a memory-safety issue (Use-after-free) in the JavaScript Engine component that was fixed in Firefox 150 and related ESR branches, as well as Thunderbird 150/140.x lines. Public advisories confirm the flaw in the JavaScript engine leads to a potentially exploitable memory corrupti...
CVE-2026-6746 Use-after-free in the DOM: Core & HTML component
Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...
PT-2026-33968
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 150 Thunderbird versions prior to 150 Description Information disclosure occurs in the IP Protection component. Recommendations Update Firefox to version 150. Update Thunderbird to version 150...
PT-2026-33970
Name of the Vulnerable Software and Affected Versions Firefox version 149 Thunderbird version 149 Description Memory safety bugs exist that show evidence of memory corruption, which could potentially be exploited to execute arbitrary code. Recommendations Update Firefox to version 150. Update...