firefox: Memory safety bugs fixed in Firefox ESR 140.11 and Firefox 151

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been...

firefox: Memory safety bugs fixed in Firefox ESR 115.36, Firefox ESR 140.11 and Firefox 151

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 115.35, Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these...

CVE-2026-8971 Same-origin policy bypass in the Networking: JAR component

Same-origin policy bypass in the Networking: JAR component. This vulnerability was fixed in Firefox 151 and Thunderbird 151...

CVE-2026-8962

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

CVE-2026-8956

The CVE-2026-8956 issue is an integer overflow in the Networking: JAR component. Affected products include Firefox (includes Firefox 151 and Firefox ESR 140.11) and Thunderbird (incl. Thunderbird 151 and Thunderbird 140.11). The root cause is an integer overflow within the JAR networking module, ...

CVE-2026-8953 Sandbox escape due to use-after-free in the Disability Access APIs component

Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

CVE-2026-8950

CVE-2026-8950 is a reported same-origin policy bypass in the Networking: HTTP component, with root cause not explicitly detailed in the provided documents. Affected software includes Firefox (fixed in version 151) and Firefox ESR (140.11), as well as Thunderbird (fixed in 151 and 140.11). The CVS...

CVE-2026-8949 Integer overflow in the Widget: Win32 component

Integer overflow in the Widget: Win32 component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

CVE-2026-8947

CVE-2026-8947 describes a use-after-free in the DOM: Bindings (WebIDL) component of Firefox. The available sources confirm the issue and state it was fixed in Firefox 151, Firefox ESR 115.36, and Firefox ESR 140.11. The documents do not provide exploit details, affected subcomponents beyond the W...

Security Vulnerabilities fixed in Thunderbird 151 — Mozilla

Memory safety bugs present in Thunderbird 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Memory safety bugs present in Thunderbird 140.10 and Thunderbird 150. Some of these bugs...