Firefox

Incorrect boundary conditions, integer overflow in the Audio/Video component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

Published: 2026-05-19T12:29:48.213Z
Updated: 2026-05-19T17:10:48.872Z

Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

Published: 2026-05-19T12:29:46.724Z
Updated: 2026-05-19T17:10:48.519Z

Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

Published: 2026-05-19T12:29:37.800Z
Updated: 2026-05-19T17:10:46.663Z

Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

Published: 2026-05-19T12:29:36.254Z
Updated: 2026-05-19T17:10:45.651Z

Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11.

Published: 2026-05-12T14:24:33.320Z
Updated: 2026-05-19T17:10:47.433Z

Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11.

Published: 2026-05-12T12:36:15.548Z
Updated: 2026-05-19T17:10:47.079Z

Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150.0.3.

Published: 2026-05-12T12:36:13.948Z
Updated: 2026-05-13T18:30:14.904Z

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3.

Published: 2026-05-12T12:36:12.516Z
Updated: 2026-05-13T15:50:14.332Z

Incorrect boundary conditions in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11.

Published: 2026-05-12T12:36:10.633Z
Updated: 2026-05-19T17:10:46.244Z

Memory safety bugs present in Firefox ESR 115.35.1, Firefox ESR 140.10.1 and Firefox 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.2, Firefox ESR 140.10.2, Firefox ESR 115.35.2, Thunderbird 150.0.2, and Thunderbird 140.10.2.

Published: 2026-05-07T12:45:06.716Z
Updated: 2026-05-19T16:48:31.003Z

Use-after-free in the DOM: Networking component. This vulnerability was fixed in Firefox 150.0.2, Firefox ESR 140.10.2, Firefox ESR 115.35.2, Thunderbird 150.0.2, and Thunderbird 140.10.2.

Published: 2026-05-07T12:45:04.609Z
Updated: 2026-05-08T12:19:00.246Z

Memory safety bugs present in Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1 and Thunderbird 150.0.1.

Published: 2026-04-28T13:49:11.358Z
Updated: 2026-04-30T17:19:52.640Z

Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, Thunderbird 150.0.1, and Thunderbird 140.10.1.

Published: 2026-04-28T13:49:10.299Z
Updated: 2026-05-07T15:22:40.336Z

Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, Firefox ESR 115.35.1, Thunderbird 150.0.1, and Thunderbird 140.10.1.

Published: 2026-04-28T13:49:09.314Z
Updated: 2026-05-07T15:22:40.028Z

Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox 150, Thunderbird 150, Firefox ESR 140.10.1, and Thunderbird 140.10.1.

Published: 2026-04-28T13:49:12.432Z
Updated: 2026-04-30T17:19:49.963Z

Information disclosure due to incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, Firefox ESR 115.35.1, Thunderbird 150.0.1, and Thunderbird 140.10.1.

Published: 2026-04-28T13:49:08.262Z
Updated: 2026-04-30T17:19:50.682Z

Memory safety bugs present in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Published: 2026-04-21T12:41:14.629Z
Updated: 2026-05-26T18:54:11.439Z

Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Published: 2026-04-21T12:41:13.980Z
Updated: 2026-05-27T16:52:47.901Z

Memory safety bugs present in Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

Published: 2026-04-21T12:41:13.111Z
Updated: 2026-05-27T17:06:44.028Z

Incorrect boundary conditions, integer overflow in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

Published: 2026-04-21T12:41:12.492Z
Updated: 2026-05-27T17:11:33.086Z

Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

Published: 2026-04-21T12:41:11.823Z
Updated: 2026-05-27T17:03:18.300Z

Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

Published: 2026-04-21T12:41:11.105Z
Updated: 2026-05-27T16:58:23.434Z

Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

Published: 2026-04-21T12:41:10.362Z
Updated: 2026-05-26T17:53:20.742Z

Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

Published: 2026-04-21T12:41:09.740Z
Updated: 2026-05-26T18:49:24.086Z

Invalid pointer in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

Published: 2026-04-21T12:41:09.098Z
Updated: 2026-05-27T17:04:09.519Z

Other issue in the Networking: DNS component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

Published: 2026-04-21T12:41:08.452Z
Updated: 2026-05-27T17:02:56.845Z

Incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Published: 2026-04-21T12:41:07.745Z
Updated: 2026-05-27T16:56:48.340Z

Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

Published: 2026-04-21T12:41:06.920Z
Updated: 2026-05-27T16:54:59.993Z

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

Published: 2026-04-21T12:41:05.957Z
Updated: 2026-05-27T17:10:07.809Z

Denial-of-service due to integer overflow in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

Published: 2026-04-21T12:41:05.301Z
Updated: 2026-05-27T16:59:46.908Z

Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Published: 2026-04-21T12:41:04.596Z
Updated: 2026-05-26T18:14:40.204Z

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Published: 2026-04-21T12:41:03.920Z
Updated: 2026-05-27T16:51:29.513Z

Other issue in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Published: 2026-04-21T12:41:03.257Z
Updated: 2026-05-27T17:05:28.546Z

Privilege escalation in the Debugger component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Published: 2026-04-21T12:41:02.147Z
Updated: 2026-05-26T17:52:37.408Z

Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

Published: 2026-04-21T12:41:01.028Z
Updated: 2026-05-27T17:09:16.299Z

Other issue in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Published: 2026-04-21T12:41:00.326Z
Updated: 2026-05-27T17:09:44.359Z

Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Published: 2026-04-21T12:40:59.634Z
Updated: 2026-05-26T18:39:03.263Z

Information disclosure in the Form Autofill component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Published: 2026-04-21T12:40:58.955Z
Updated: 2026-05-27T17:10:37.958Z

Incorrect boundary conditions in the DOM: Device Interfaces component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Published: 2026-04-21T12:40:58.297Z
Updated: 2026-05-27T17:00:36.069Z

Mitigation bypass in the File Handling component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Published: 2026-04-21T12:40:57.591Z
Updated: 2026-05-26T17:51:53.896Z

Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Published: 2026-04-21T12:40:56.838Z
Updated: 2026-05-26T18:40:29.784Z

Privilege escalation in the Networking component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Published: 2026-04-21T12:40:56.138Z
Updated: 2026-05-27T17:06:19.059Z

Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

Published: 2026-04-21T12:40:55.131Z
Updated: 2026-05-26T17:49:39.113Z

Use-after-free in the Widget: Cocoa component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Published: 2026-04-21T12:40:54.329Z
Updated: 2026-05-26T18:29:30.970Z

Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

Published: 2026-04-21T12:40:53.661Z
Updated: 2026-05-26T18:51:21.061Z

Invalid pointer in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Published: 2026-04-21T12:40:52.961Z
Updated: 2026-05-26T18:07:08.301Z

Mitigation bypass in Firefox for Android. This vulnerability was fixed in Firefox 150.

Published: 2026-04-21T12:40:52.082Z
Updated: 2026-05-26T18:26:47.521Z

Mitigation bypass in the DOM: postMessage component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.

Published: 2026-04-21T12:40:51.382Z
Updated: 2026-05-27T16:54:24.193Z

Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Published: 2026-04-21T12:40:50.577Z
Updated: 2026-05-26T18:13:24.356Z

Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Published: 2026-04-21T12:40:49.893Z
Updated: 2026-05-27T17:11:08.892Z

Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Published: 2026-04-21T12:40:49.079Z
Updated: 2026-05-26T18:31:28.379Z

Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Published: 2026-04-21T12:40:48.315Z
Updated: 2026-05-27T16:56:22.052Z

Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Published: 2026-04-21T12:40:47.476Z
Updated: 2026-05-27T17:12:31.767Z

Information disclosure due to uninitialized memory in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Published: 2026-04-21T12:40:46.800Z
Updated: 2026-05-27T17:08:01.576Z

Uninitialized memory in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Published: 2026-04-21T12:40:45.923Z
Updated: 2026-05-27T17:04:34.858Z

Use-after-free in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Published: 2026-04-21T12:40:45.203Z
Updated: 2026-05-26T18:37:57.655Z

Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

Published: 2026-04-21T12:40:44.148Z
Updated: 2026-05-26T18:53:00.465Z

Memory safety bugs present in Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149.0.2 and Thunderbird 149.0.2.

Published: 2026-04-07T12:43:15.857Z
Updated: 2026-05-10T20:09:00.271Z

Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149.0.2, Firefox ESR 140.9.1, Thunderbird 149.0.2, and Thunderbird 140.9.1.

Published: 2026-04-07T12:43:14.833Z
Updated: 2026-05-26T18:14:09.229Z

Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 149.0.2 and Thunderbird 149.0.2.

Published: 2026-04-07T12:43:13.804Z
Updated: 2026-04-13T13:51:30.439Z

Incorrect boundary conditions, integer overflow in the Graphics: Text component. This vulnerability was fixed in Firefox 149.0.2, Firefox ESR 140.9.1, Thunderbird 149.0.2, and Thunderbird 140.9.1.

Published: 2026-04-07T12:43:12.829Z
Updated: 2026-05-26T18:07:30.209Z

Memory safety bugs present in Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149 and Thunderbird 149.

Published: 2026-03-24T12:30:43.835Z
Updated: 2026-04-13T13:51:19.687Z

Denial-of-service in the Libraries component in NSS. This vulnerability was fixed in Firefox 149 and Thunderbird 149.

Published: 2026-03-24T12:30:41.171Z
Updated: 2026-04-13T13:51:08.072Z

Denial-of-service in the XML component. This vulnerability was fixed in Firefox 149 and Thunderbird 149.

Published: 2026-03-24T12:30:40.673Z
Updated: 2026-04-13T13:51:05.682Z

Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149 and Thunderbird 149.

Published: 2026-03-24T12:30:36.840Z
Updated: 2026-04-13T13:50:50.855Z

Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 149 and Thunderbird 149.

Published: 2026-03-24T12:30:31.266Z
Updated: 2026-04-13T13:50:27.197Z

Privilege escalation in the IPC component. This vulnerability was fixed in Firefox 149 and Thunderbird 149.

Published: 2026-03-24T12:30:30.232Z
Updated: 2026-04-13T13:50:22.290Z

Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:44.312Z
Updated: 2026-04-13T13:51:21.639Z

Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:43.271Z
Updated: 2026-04-13T13:51:17.655Z

Incorrect boundary conditions in the Graphics: Text component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:42.762Z
Updated: 2026-04-13T13:51:15.420Z

Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:40.175Z
Updated: 2026-04-13T13:51:03.533Z

Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:39.453Z
Updated: 2026-04-13T13:51:01.318Z

Uninitialized memory in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:38.831Z
Updated: 2026-04-13T13:50:59.102Z

Incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:38.311Z
Updated: 2026-04-13T13:50:56.854Z

Incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:37.800Z
Updated: 2026-04-13T13:50:54.808Z

Information disclosure in the Widget: Cocoa component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:37.333Z
Updated: 2026-04-13T13:50:52.664Z

Use-after-free in the Widget: Cocoa component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:36.392Z
Updated: 2026-04-13T13:50:48.884Z

Incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:35.852Z
Updated: 2026-04-13T13:50:46.845Z

Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:35.375Z
Updated: 2026-04-13T13:50:44.839Z

Incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:34.423Z
Updated: 2026-04-13T13:50:42.608Z

Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:33.906Z
Updated: 2026-04-13T13:50:40.488Z

Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:33.263Z
Updated: 2026-04-13T13:50:38.452Z

Undefined behavior in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:32.731Z
Updated: 2026-04-13T13:50:36.275Z

Denial-of-service in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:32.214Z
Updated: 2026-04-13T13:50:34.107Z

JIT miscompilation in the JavaScript Engine component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:30.743Z
Updated: 2026-04-13T13:50:24.307Z

Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:29.700Z
Updated: 2026-05-12T16:54:17.477Z

Mitigation bypass in the Networking: HTTP component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:28.913Z
Updated: 2026-05-12T16:53:52.206Z

Incorrect boundary conditions in the Layout: Text and Fonts component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:28.441Z
Updated: 2026-05-12T16:52:31.472Z

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:27.865Z
Updated: 2026-05-22T12:47:58.654Z

Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:27.383Z
Updated: 2026-05-07T14:52:47.420Z

Use-after-free in the Layout: Text and Fonts component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:26.919Z
Updated: 2026-05-07T14:52:22.615Z

Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:26.409Z
Updated: 2026-05-07T14:51:53.337Z

Incorrect boundary conditions, integer overflow in the Graphics component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:25.919Z
Updated: 2026-05-07T14:51:31.763Z

Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:25.391Z
Updated: 2026-05-07T14:51:09.853Z

Sandbox escape in the Responsive Design Mode component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:24.864Z
Updated: 2026-04-13T13:48:45.652Z

Use-after-free in the CSS Parsing and Computation component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:24.376Z
Updated: 2026-05-07T14:50:45.605Z

Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:23.812Z
Updated: 2026-04-13T13:48:40.559Z

Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:23.260Z
Updated: 2026-04-13T13:48:38.103Z

Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:22.710Z
Updated: 2026-04-13T13:48:35.360Z

Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:22.179Z
Updated: 2026-04-13T13:48:33.096Z

Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:21.639Z
Updated: 2026-05-07T14:50:23.927Z

Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:21.064Z
Updated: 2026-05-07T14:49:55.459Z

Race condition, use-after-free in the Graphics: WebRender component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Published: 2026-03-24T12:30:20.420Z
Updated: 2026-04-13T13:46:22.818Z

Memory safety bugs present in Firefox 148.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 148.0.2.

Published: 2026-03-10T15:03:51.113Z
Updated: 2026-04-13T13:54:06.636Z

Same-origin policy bypass in the CSS Parsing and Computation component. This vulnerability was fixed in Firefox 148.0.2.

Published: 2026-03-10T15:03:50.043Z
Updated: 2026-04-13T13:54:04.223Z

Memory safety bugs present in Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 148 and Thunderbird 148.

Published: 2026-02-24T13:33:34.035Z
Updated: 2026-04-13T13:54:40.828Z

Uninitialized memory in the Graphics: Text component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.

Published: 2026-02-24T13:33:33.407Z
Updated: 2026-04-13T13:54:38.306Z

Invalid pointer in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.

Published: 2026-02-24T13:33:32.768Z
Updated: 2026-04-13T13:54:35.780Z

Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.

Published: 2026-02-24T13:33:32.144Z
Updated: 2026-04-13T13:54:33.221Z

Information disclosure, mitigation bypass in the Settings UI component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.

Published: 2026-02-24T13:33:31.491Z
Updated: 2026-04-13T13:54:31.077Z

Race condition in the JavaScript: GC component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.

Published: 2026-02-24T13:33:30.784Z
Updated: 2026-04-13T13:54:28.482Z

Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.

Published: 2026-02-24T13:33:29.929Z
Updated: 2026-04-13T13:54:26.297Z

Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability was fixed in Firefox 148 and Thunderbird 148.

Published: 2026-02-24T13:33:29.312Z
Updated: 2026-04-13T13:54:24.117Z

Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.

Published: 2026-02-24T13:33:28.665Z
Updated: 2026-04-13T13:54:22.045Z

Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.

Published: 2026-02-24T13:33:28.034Z
Updated: 2026-04-13T13:54:19.927Z

Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.

Published: 2026-02-24T13:33:27.406Z
Updated: 2026-04-13T13:54:17.607Z

JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.

Published: 2026-02-24T13:33:26.775Z
Updated: 2026-04-13T13:54:13.816Z

Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.

Published: 2026-02-24T13:33:26.111Z
Updated: 2026-04-13T13:54:11.193Z

Information disclosure due to uninitialized memory in Firefox and Firefox Focus for Android. This vulnerability was fixed in Firefox 148.

Published: 2026-02-24T13:33:25.399Z
Updated: 2026-04-13T13:54:08.870Z

Memory safety bugs present in Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:23.571Z
Updated: 2026-04-13T13:53:03.837Z

Memory safety bugs present in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:22.842Z
Updated: 2026-04-13T13:53:50.518Z

Mitigation bypass in the Networking: Cache component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:22.237Z
Updated: 2026-04-21T02:40:55.797Z

Same-origin policy bypass in the Networking: JAR component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:21.600Z
Updated: 2026-04-13T13:53:42.980Z

Use-after-free in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:20.961Z
Updated: 2026-04-13T13:53:00.745Z

Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:20.287Z
Updated: 2026-04-21T02:40:29.432Z

Use-after-free in the DOM: Window and Location component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:19.579Z
Updated: 2026-04-13T13:52:56.351Z

Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:18.980Z
Updated: 2026-05-10T12:54:19.009Z

Invalid pointer in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:18.254Z
Updated: 2026-04-13T13:53:37.061Z

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:17.554Z
Updated: 2026-04-16T14:32:57.551Z

Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:16.921Z
Updated: 2026-04-13T13:53:30.360Z

Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:16.262Z
Updated: 2026-04-13T13:53:27.919Z

Integer overflow in the Libraries component in NSS. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, Thunderbird 140.8, and Firefox ESR 115.35.

Published: 2026-02-24T13:33:15.551Z
Updated: 2026-04-21T12:40:43.312Z

Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:14.850Z
Updated: 2026-04-13T13:53:23.298Z

Incorrect boundary conditions in the Networking: JAR component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:14.195Z
Updated: 2026-04-16T14:32:33.729Z

Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:13.564Z
Updated: 2026-04-16T14:32:14.511Z

Privilege escalation in the Messaging System component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:12.869Z
Updated: 2026-04-13T13:52:51.037Z

Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:12.247Z
Updated: 2026-04-16T14:31:49.143Z

Mitigation bypass in the DOM: HTML Parser component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:11.553Z
Updated: 2026-04-16T14:31:30.683Z

Integer overflow in the Audio/Video component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:10.821Z
Updated: 2026-04-13T13:52:44.181Z

Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:10.177Z
Updated: 2026-04-16T14:31:07.312Z

Use-after-free in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:09.181Z
Updated: 2026-04-13T13:52:39.456Z

Undefined behavior in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:08.538Z
Updated: 2026-04-16T14:30:39.225Z

Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:07.898Z
Updated: 2026-04-13T13:52:34.610Z

Use-after-free in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:06.912Z
Updated: 2026-04-13T13:52:32.795Z

Sandbox escape in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:06.258Z
Updated: 2026-04-13T13:53:18.772Z

Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:05.551Z
Updated: 2026-04-13T13:53:16.679Z

Use-after-free in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:04.946Z
Updated: 2026-04-16T14:28:29.474Z

Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:03.943Z
Updated: 2026-04-16T14:27:42.110Z

JIT miscompilation, use-after-free in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:03.207Z
Updated: 2026-04-16T14:27:18.103Z

Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:02.514Z
Updated: 2026-04-15T15:39:44.974Z

Integer overflow in the JavaScript: Standard Library component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:01.761Z
Updated: 2026-04-15T15:39:20.955Z

Sandbox escape in the Graphics: WebRender component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:01.011Z
Updated: 2026-04-15T15:38:48.489Z

Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:33:00.290Z
Updated: 2026-04-15T15:38:19.407Z

Incorrect boundary conditions in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:32:59.173Z
Updated: 2026-04-15T15:38:00.858Z

Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:32:58.501Z
Updated: 2026-04-15T15:37:39.628Z

Incorrect boundary conditions in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Published: 2026-02-24T13:32:57.740Z
Updated: 2026-04-14T15:11:01.347Z

Heap buffer overflow in libvpx. This vulnerability was fixed in Firefox 147.0.4, Firefox ESR 140.7.1, Firefox ESR 115.32.1, Thunderbird 140.7.2, and Thunderbird 147.0.2.

Published: 2026-02-16T14:13:23.559Z
Updated: 2026-04-13T13:53:57.597Z

Use-after-free in the Layout: Scrolling and Overflow component. This vulnerability was fixed in Firefox 147.0.2.

Published: 2026-01-27T15:58:48.799Z
Updated: 2026-04-13T13:53:08.241Z

Mitigation bypass in the Privacy: Anti-Tracking component. This vulnerability was fixed in Firefox 147.0.2.

Published: 2026-01-27T15:58:48.472Z
Updated: 2026-04-13T13:53:06.118Z

Memory safety bugs present in Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 147 and Thunderbird 147.

Published: 2026-01-13T13:30:59.874Z
Updated: 2026-04-13T13:52:12.599Z

Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

Published: 2026-01-13T13:30:59.454Z
Updated: 2026-04-13T13:52:10.334Z

Spoofing issue in the DOM: Copy & Paste and Drag & Drop component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

Published: 2026-01-13T13:30:59.089Z
Updated: 2026-04-13T13:52:07.852Z

Denial-of-service in the DOM: Service Workers component. This vulnerability was fixed in Firefox 147 and Thunderbird 147.

Published: 2026-01-13T13:30:58.675Z
Updated: 2026-04-13T13:52:05.389Z

Information disclosure in the XML component. This vulnerability was fixed in Firefox 147 and Thunderbird 147.

Published: 2026-01-13T13:30:58.296Z
Updated: 2026-04-13T13:52:02.777Z

Clickjacking issue, information disclosure in the PDF Viewer component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

Published: 2026-01-13T13:30:57.847Z
Updated: 2026-04-13T13:51:59.523Z

Incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

Published: 2026-01-13T13:30:57.400Z
Updated: 2026-04-13T13:51:57.056Z

Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

Published: 2026-01-13T13:30:56.939Z
Updated: 2026-04-13T13:51:54.970Z

Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

Published: 2026-01-13T13:30:56.543Z
Updated: 2026-04-13T13:51:52.987Z

Information disclosure in the Networking component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

Published: 2026-01-13T13:30:56.043Z
Updated: 2026-04-13T13:51:51.032Z

Use-after-free in the IPC component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

Published: 2026-01-13T13:30:55.562Z
Updated: 2026-04-13T13:51:48.764Z

Sandbox escape in the Messaging System component. This vulnerability was fixed in Firefox 147 and Thunderbird 147.

Published: 2026-01-13T13:30:55.122Z
Updated: 2026-04-13T13:51:46.729Z

Sandbox escape due to integer overflow in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

Published: 2026-01-13T13:30:54.679Z
Updated: 2026-04-13T13:51:44.559Z

Sandbox escape due to incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

Published: 2026-01-13T13:30:54.207Z
Updated: 2026-04-13T13:51:42.642Z

Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

Published: 2026-01-13T13:30:53.697Z
Updated: 2026-04-13T13:51:40.607Z

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

Published: 2026-01-13T13:30:52.979Z
Updated: 2026-04-13T13:51:38.648Z

Memory safety bugs present in Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 142 and Thunderbird 142.

Published: 2025-08-19T20:33:57.516Z
Updated: 2026-04-13T14:29:49.002Z

Spoofing issue in the Address Bar component of Firefox Focus for Android. This vulnerability was fixed in Firefox 142.

Published: 2025-08-19T20:33:56.025Z
Updated: 2026-04-13T14:29:47.345Z

Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 142, Firefox ESR 115.27, Firefox ESR 128.14, Firefox ESR 140.2, Thunderbird 142, Thunderbird 128.14, and Thunderbird 140.2.

Published: 2025-08-19T20:33:55.556Z
Updated: 2026-04-13T14:25:52.926Z

Memory safety bugs present in Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 142, Firefox ESR 140.2, Thunderbird 142, and Thunderbird 140.2.

Published: 2025-08-19T20:33:58.037Z
Updated: 2026-04-13T14:28:41.568Z

Spoofing issue in the Address Bar component. This vulnerability was fixed in Firefox 142 and Firefox ESR 140.2.

Published: 2025-08-19T20:33:57.019Z
Updated: 2026-04-13T14:28:39.668Z

Denial-of-service due to out-of-memory in the Graphics: WebRender component. This vulnerability was fixed in Firefox 142, Firefox ESR 140.2, Thunderbird 142, and Thunderbird 140.2.

Published: 2025-08-19T20:33:56.512Z
Updated: 2026-04-13T14:28:37.915Z

Uninitialized memory in the JavaScript Engine component. This vulnerability was fixed in Firefox 142, Firefox ESR 128.14, Firefox ESR 140.2, Thunderbird 142, Thunderbird 128.14, and Thunderbird 140.2.

Published: 2025-08-19T20:33:55.063Z
Updated: 2026-04-13T14:25:51.187Z

Same-origin policy bypass in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 142, Firefox ESR 115.27, Firefox ESR 128.14, Firefox ESR 140.2, Thunderbird 142, Thunderbird 128.14, and Thunderbird 140.2.

Published: 2025-08-19T20:33:54.532Z
Updated: 2026-04-13T14:25:49.457Z

An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process. This vulnerability was fixed in Firefox 142, Firefox ESR 115.27, Firefox ESR 128.14, Firefox ESR 140.2, Thunderbird 142, Thunderbird 128.14, and Thunderbird 140.2.

Published: 2025-08-19T20:33:53.949Z
Updated: 2026-04-13T14:25:47.601Z

A crafted URL using a blob: URI could have hidden the true origin of the page, resulting in a potential spoofing attack. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.*. This vulnerability was fixed in Firefox 141.

Published: 2025-08-19T20:52:46.969Z
Updated: 2026-04-13T14:31:35.465Z

Memory safety bugs present in Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 141 and Thunderbird 141.

Published: 2025-07-22T20:49:29.263Z
Updated: 2026-04-13T14:30:58.534Z

Focus incorrectly truncated URLs towards the beginning instead of around the origin. This vulnerability was fixed in Firefox 141.

Published: 2025-07-22T20:49:28.983Z
Updated: 2026-04-13T14:31:33.345Z

Firefox for Android allowed a sandboxed iframe without the `allow-downloads` attribute to start downloads. This vulnerability was fixed in Firefox 141.

Published: 2025-08-19T20:52:46.674Z
Updated: 2026-04-13T14:31:31.459Z

In the address bar, Firefox for Android truncated the display of URLs from the end instead of prioritizing the origin. This vulnerability was fixed in Firefox 141.

Published: 2025-08-19T20:52:46.116Z
Updated: 2026-04-13T14:31:29.505Z

Memory safety bugs present in Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1.

Published: 2025-07-22T20:49:28.310Z
Updated: 2026-04-13T14:27:10.161Z

In some cases search terms persisted in the URL bar even after navigating away from the search page. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1.

Published: 2025-07-22T20:49:27.191Z
Updated: 2026-04-13T14:27:04.816Z

Thunderbird ignored paths when checking the validity of navigations in a frame. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1.

Published: 2025-07-22T20:49:26.764Z
Updated: 2026-04-13T14:27:01.276Z

Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included the `Secure` attribute. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1.

Published: 2025-07-22T20:49:25.621Z
Updated: 2026-04-13T14:26:53.773Z

Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1.

Published: 2025-07-22T20:49:25.303Z
Updated: 2026-04-13T14:26:51.977Z

Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.

Published: 2025-07-22T20:49:28.660Z
Updated: 2026-04-13T14:27:11.988Z

Memory safety bugs present in Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.

Published: 2025-07-22T20:49:27.749Z
Updated: 2026-04-13T14:27:08.421Z

The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.

Published: 2025-07-22T20:49:27.477Z
Updated: 2026-04-13T14:27:06.664Z

XSLT document loading did not correctly propagate the source document which bypassed its CSP. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.

Published: 2025-07-22T20:49:26.507Z
Updated: 2026-04-13T14:26:59.396Z

The `username:password` part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.

Published: 2025-07-22T20:49:26.243Z
Updated: 2026-04-13T14:26:57.626Z

Insufficient escaping in the “Copy as cURL” feature could potentially be used to trick a user into executing unexpected code. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.

Published: 2025-07-22T20:49:25.931Z
Updated: 2026-04-13T14:26:55.584Z

Thunderbird executed `javascript:` URLs when used in `object` and `embed` tags. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.

Published: 2025-07-22T20:49:24.898Z
Updated: 2026-04-13T14:26:50.157Z

On arm64, a WASM `br_table` instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.

Published: 2025-07-22T20:49:24.592Z
Updated: 2026-04-13T14:26:48.394Z

On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.

Published: 2025-07-22T20:49:24.039Z
Updated: 2026-04-13T14:26:46.624Z

The exception page for the HTTPS-Only feature, displayed when a website is opened via HTTP, lacked an anti-clickjacking delay, potentially allowing an attacker to trick a user into granting an exception and loading a webpage over HTTP. This vulnerability was fixed in Firefox 140 and Thunderbird 140.

Published: 2025-06-24T12:28:04.375Z
Updated: 2026-04-13T14:31:11.320Z

If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn challenge that the user would be prompted to complete. This is in violation of the WebAuthN spec which requires "a secure transport established without errors". This vulnerability was fixed in Firefox 140 and Thunderbird 140.

Published: 2025-06-24T12:28:04.065Z
Updated: 2026-04-13T14:31:09.599Z

When Multi-Account Containers was enabled, DNS requests could have bypassed a SOCKS proxy when the domain name was invalid or the SOCKS proxy was not responding. This vulnerability was fixed in Firefox 140 and Thunderbird 140.

Published: 2025-06-24T12:28:03.769Z
Updated: 2026-04-13T14:31:07.825Z

When a link can be opened in an external application, Firefox for Android will, by default, prompt the user before doing so. An attacker could have bypassed this prompt, potentially exposing the user to security vulnerabilities or privacy leaks in external applications. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.*. This vulnerability was fixed in Firefox 140.

Published: 2025-06-24T12:28:03.475Z
Updated: 2026-04-13T14:31:05.455Z

When a file download is specified via the `Content-Disposition` header, that directive would be ignored if the file was included via a `<embed>` or `<object>` tag, potentially making a website vulnerable to a cross-site scripting attack. This vulnerability was fixed in Firefox 140, Firefox ESR 128.12, Thunderbird 140, and Thunderbird 128.12.

Published: 2025-06-24T12:28:01.020Z
Updated: 2026-04-13T14:30:45.145Z

Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an `embed` tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. This vulnerability was fixed in Firefox 140, Firefox ESR 128.12, Thunderbird 140, and Thunderbird 128.12.

Published: 2025-06-24T12:28:00.819Z
Updated: 2026-04-13T14:30:42.931Z

When a URL was provided in a link querystring parameter, Firefox for Android would follow that URL instead of the correct URL, potentially leading to phishing attacks. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.*. This vulnerability was fixed in Firefox 140.

Published: 2025-06-24T12:28:02.201Z
Updated: 2026-04-13T14:31:03.707Z

An attacker was able to bypass the `connect-src` directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools. This vulnerability was fixed in Firefox 140 and Thunderbird 140.

Published: 2025-06-24T12:28:01.317Z
Updated: 2026-04-13T14:31:00.300Z

The executable file warning did not warn users before opening files with the `terminal` extension. *This bug only affects Firefox for macOS. Other versions of Firefox are unaffected.*. This vulnerability was fixed in Firefox 140, Firefox ESR 128.12, Thunderbird 140, and Thunderbird 128.12.

Published: 2025-06-24T12:28:00.614Z
Updated: 2026-04-13T14:30:40.735Z

An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. This vulnerability was fixed in Firefox 140, Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird 140, and Thunderbird 128.12.

Published: 2025-06-24T12:27:59.987Z
Updated: 2026-04-13T14:26:06.659Z

A use-after-free in FontFaceSet resulted in a potentially exploitable crash. This vulnerability was fixed in Firefox 140, Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird 140, and Thunderbird 128.12.

Published: 2025-06-24T12:27:59.669Z
Updated: 2026-04-13T14:26:04.861Z

Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 139, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11.

Published: 2025-05-27T12:29:26.941Z
Updated: 2026-04-13T14:29:13.932Z

A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details to a malicious page. This vulnerability was fixed in Firefox 139, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11.

Published: 2025-05-27T12:29:25.942Z
Updated: 2026-04-13T14:29:10.584Z

Script elements loading cross-origin resources generated load and error events which leaked information enabling XS-Leaks attacks. This vulnerability was fixed in Firefox 139, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11.

Published: 2025-05-27T12:29:25.084Z
Updated: 2026-04-13T14:29:08.538Z

Due to insufficient escaping of the ampersand character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. *This bug only affects Firefox for Windows. Other versions of Firefox are unaffected.*. This vulnerability was fixed in Firefox 139, Firefox ESR 115.24, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11.

Published: 2025-05-27T12:29:24.338Z
Updated: 2026-04-13T14:28:00.476Z

Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability was fixed in Firefox 139, Firefox ESR 115.24, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11.

Published: 2025-05-27T12:29:23.513Z
Updated: 2026-04-13T14:27:58.589Z

An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability was fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 138.0.2.

Published: 2025-05-17T21:07:27.734Z
Updated: 2026-04-13T14:25:56.780Z

An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability was fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 138.0.2.

Published: 2025-05-17T21:07:26.745Z
Updated: 2026-04-13T14:25:54.968Z

Memory safety bugs present in Firefox 137 and Thunderbird 137. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 138 and Thunderbird 138.

Published: 2025-04-29T13:13:49.479Z
Updated: 2026-04-13T14:28:52.122Z

Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 138, Firefox ESR 128.10, Thunderbird 138, and Thunderbird 128.10.

Published: 2025-04-29T13:13:48.089Z
Updated: 2026-04-13T14:27:22.909Z

A vulnerability existed in Thunderbird for Android where potentially sensitive library locations were logged via Logcat. This vulnerability was fixed in Firefox 138 and Thunderbird 138.

Published: 2025-04-29T13:13:46.677Z
Updated: 2026-04-13T14:28:50.482Z

Due to insufficient escaping of special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability was fixed in Firefox 138 and Thunderbird 138.

Published: 2025-04-29T13:13:45.152Z
Updated: 2026-04-13T14:28:48.766Z

A security vulnerability in Thunderbird allowed malicious sites to use redirects to send credentialed requests to arbitrary endpoints on any site that had invoked the Storage Access API. This enabled potential Cross-Site Request Forgery attacks across origins. This vulnerability was fixed in Firefox 138 and Thunderbird 138.

Published: 2025-04-29T13:13:43.684Z
Updated: 2026-04-13T14:28:47.062Z

A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory corruption. This vulnerability was fixed in Firefox 138, Firefox ESR 128.10, Thunderbird 138, and Thunderbird 128.10.

Published: 2025-04-29T13:13:42.302Z
Updated: 2026-04-13T14:27:21.172Z

A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog. *This bug only affects Thunderbird for Android. Other versions of Thunderbird are unaffected.*. This vulnerability was fixed in Firefox 138 and Thunderbird 138.

Published: 2025-04-29T13:13:40.899Z
Updated: 2026-04-13T14:28:45.158Z

An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges. This vulnerability was fixed in Firefox 138 and Thunderbird 138.

Published: 2025-04-29T13:13:39.469Z
Updated: 2026-04-13T14:28:43.317Z

A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape. This vulnerability was fixed in Firefox 138, Firefox ESR 128.10, Firefox ESR 115.23, Thunderbird 138, and Thunderbird 128.10.

Published: 2025-04-29T13:13:36.578Z
Updated: 2026-04-13T14:27:17.492Z

Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate privileges. *This bug only affects Thunderbird for macOS. Other versions of Thunderbird are unaffected.*. This vulnerability was fixed in Firefox 138, Firefox ESR 128.10, Firefox ESR 115.23, Thunderbird 138, and Thunderbird 128.10.

Published: 2025-04-29T13:13:35.242Z
Updated: 2026-04-13T14:27:15.646Z

By first using the AI chatbot in one tab and later activating it in another tab, the document title of the previous tab would leak into the chat prompt. This vulnerability was fixed in Firefox 137.

Published: 2025-04-01T12:29:06.641Z
Updated: 2026-04-13T14:29:32.339Z

Memory safety bugs present in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 137, Firefox ESR 128.9, Thunderbird 137, and Thunderbird 128.9.

Published: 2025-04-01T12:29:00.640Z
Updated: 2026-04-13T14:26:02.951Z

A crafted URL containing specific Unicode characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability was fixed in Firefox 137, Firefox ESR 128.9, Thunderbird 137, and Thunderbird 128.9.

Published: 2025-04-01T12:28:59.386Z
Updated: 2026-04-13T14:26:00.288Z

JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free. This vulnerability was fixed in Firefox 137, Firefox ESR 115.22, Firefox ESR 128.9, Thunderbird 137, and Thunderbird 128.9.

Published: 2025-04-01T12:28:58.303Z
Updated: 2026-04-13T14:25:58.540Z

Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape. The original vulnerability was being exploited in the wild. *This only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability was fixed in Firefox 136.0.4, Firefox ESR 128.8.1, and Firefox ESR 115.21.1.

Published: 2025-03-27T13:27:57.377Z
Updated: 2026-04-13T14:30:19.981Z

Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths controlled by a non-privileged user and enabling privilege escalation. This vulnerability was fixed in Firefox 138, Firefox ESR 128.10, Firefox ESR 115.23, Thunderbird 138, and Thunderbird 128.10.

Published: 2025-04-29T13:13:33.783Z
Updated: 2026-04-13T14:27:13.873Z

jar: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was used to determine the type of content. This could have been used to hide code in a web extension disguised as something else like an image. This vulnerability was fixed in Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.

Published: 2025-03-04T13:31:26.282Z
Updated: 2026-04-13T14:27:43.945Z

Memory safety bugs present in Firefox 134 and Thunderbird 134. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 135 and Thunderbird 135.

Published: 2025-02-04T13:58:56.390Z
Updated: 2026-04-13T14:25:25.512Z

The z-order of the browser windows could be manipulated to hide the fullscreen notification. This could potentially be leveraged to perform a spoofing attack. This vulnerability was fixed in Firefox 135 and Thunderbird 135.

Published: 2025-02-04T13:58:54.064Z
Updated: 2026-04-13T14:25:16.746Z

The fullscreen notification is prematurely hidden when fullscreen is re-requested quickly by the user. This could have been leveraged to perform a potential spoofing attack. This vulnerability was fixed in Firefox 135 and Thunderbird 135.

Published: 2025-02-04T13:58:52.807Z
Updated: 2026-04-13T14:25:10.866Z

Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 135, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.

Published: 2025-02-04T13:58:56.028Z
Updated: 2026-04-13T14:25:23.811Z

Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.

Published: 2025-02-04T13:58:55.672Z
Updated: 2026-04-13T14:25:22.068Z

Certificate length was not properly checked when added to a certificate store. In practice only trusted data was processed. This vulnerability was fixed in Firefox 135, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.

Published: 2025-02-04T13:58:54.940Z
Updated: 2026-04-13T14:25:20.384Z

A race during concurrent delazification could have led to a use-after-free. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.

Published: 2025-02-04T13:58:53.687Z
Updated: 2026-04-13T14:25:14.718Z

A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an attacker to leverage this to achieve code execution. This vulnerability was fixed in Firefox 135, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.

Published: 2025-02-04T13:58:53.239Z
Updated: 2026-04-13T14:25:12.907Z

An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.

Published: 2025-02-04T13:58:52.357Z
Updated: 2026-04-13T14:25:08.956Z

An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.

Published: 2025-02-04T13:58:51.928Z
Updated: 2026-04-13T14:25:07.080Z

Memory safety bugs present in Firefox 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 146.0.1.

Published: 2025-12-18T14:21:14.680Z
Updated: 2026-04-13T14:30:33.420Z

Use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 146.0.1.

Published: 2025-12-18T14:21:13.483Z
Updated: 2026-04-13T14:30:31.682Z

Memory safety bugs present in Firefox ESR 140.5, Thunderbird ESR 140.5, Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.

Published: 2025-12-09T13:38:09.979Z
Updated: 2026-04-13T14:25:45.424Z

Memory safety bugs present in Firefox 145 and Thunderbird 145. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 146 and Thunderbird 146.

Published: 2025-12-09T13:38:08.758Z
Updated: 2026-04-13T14:28:06.191Z

Same-origin policy bypass in the Request Handling component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.

Published: 2025-12-09T13:38:07.191Z
Updated: 2026-04-13T14:25:43.540Z

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.

Published: 2025-12-09T13:38:05.995Z
Updated: 2026-04-13T14:25:41.657Z

Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.

Published: 2025-12-09T13:38:04.796Z
Updated: 2026-04-13T14:25:39.463Z

Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.

Published: 2025-12-09T13:38:03.509Z
Updated: 2026-04-13T14:25:37.532Z

Spoofing issue in the Downloads Panel component. This vulnerability was fixed in Firefox 146, Thunderbird 146, Firefox ESR 140.7, and Thunderbird 140.7.

Published: 2025-12-09T13:38:02.260Z
Updated: 2026-04-13T14:24:13.332Z

Use-after-free in the Audio/Video: GMP component. This vulnerability was fixed in Firefox 146 and Thunderbird 146.

Published: 2025-12-09T13:38:00.695Z
Updated: 2026-04-13T14:28:03.973Z

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.

Published: 2025-12-09T13:37:58.843Z
Updated: 2026-04-13T14:25:35.644Z

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.

Published: 2025-12-09T13:37:57.533Z
Updated: 2026-04-13T14:25:33.489Z

Privilege escalation in the DOM: Notifications component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.

Published: 2025-12-09T13:37:56.358Z
Updated: 2026-04-13T14:25:31.606Z

Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.

Published: 2025-12-09T13:37:55.159Z
Updated: 2026-04-13T14:25:29.901Z

Use-after-free in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.

Published: 2025-12-09T13:37:53.872Z
Updated: 2026-04-13T14:25:27.309Z

Memory safety bugs present in Firefox 144 and Thunderbird 144. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 145 and Thunderbird 145.

Published: 2025-11-11T15:47:17.570Z
Updated: 2026-04-13T14:26:42.181Z

Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145 and Thunderbird 145.

Published: 2025-11-11T15:47:15.695Z
Updated: 2026-04-13T14:26:26.316Z

Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145 and Thunderbird 145.

Published: 2025-11-11T15:47:15.246Z
Updated: 2026-04-13T14:26:24.598Z

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 145 and Thunderbird 145.

Published: 2025-11-11T15:47:14.756Z
Updated: 2026-04-13T14:26:22.837Z

Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145 and Thunderbird 145.

Published: 2025-11-11T15:47:13.943Z
Updated: 2026-04-13T14:26:18.949Z

Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145 and Thunderbird 145.

Published: 2025-11-11T15:47:13.605Z
Updated: 2026-04-13T14:26:10.756Z

Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145 and Thunderbird 145.

Published: 2025-11-11T15:47:13.214Z
Updated: 2026-04-13T14:26:08.726Z

Use-after-free in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5.

Published: 2025-11-11T15:47:17.203Z
Updated: 2026-04-13T14:26:35.933Z

Same-origin policy bypass in the DOM: Workers component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5.

Published: 2025-11-11T15:47:16.759Z
Updated: 2026-04-13T14:26:31.931Z

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5.

Published: 2025-11-11T15:47:16.458Z
Updated: 2026-04-13T14:26:30.229Z

Same-origin policy bypass in the DOM: Notifications component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5.

Published: 2025-11-11T15:47:16.109Z
Updated: 2026-04-13T14:26:28.500Z

Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5.

Published: 2025-11-11T15:47:14.370Z
Updated: 2026-04-13T14:26:21.119Z

Spoofing issue in Firefox. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, and Firefox ESR 115.30.

Published: 2025-11-11T15:47:12.707Z
Updated: 2026-04-13T14:26:40.252Z

Use-after-free in the Audio/Video component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and Thunderbird 140.5.

Published: 2025-11-11T15:47:12.313Z
Updated: 2026-04-13T14:26:38.013Z

Mitigation bypass in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and Thunderbird 140.5.

Published: 2025-11-11T15:47:11.849Z
Updated: 2026-04-13T14:26:34.039Z

Race condition in the Graphics component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and Thunderbird 140.5.

Published: 2025-11-11T15:47:11.434Z
Updated: 2026-04-13T14:26:13.190Z

Starting with Firefox 142, it was possible for a compromised child process to trigger a use-after-free in the GPU or browser process using WebGPU-related IPC calls. This may have been usable to escape the child process sandbox. This vulnerability was fixed in Firefox 144.0.2.

Published: 2025-10-28T14:06:34.814Z
Updated: 2026-04-13T14:31:37.137Z

Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 144, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4.

Published: 2025-10-14T12:27:36.209Z
Updated: 2026-04-13T14:29:45.602Z

Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4.

Published: 2025-10-14T12:27:34.820Z
Updated: 2026-04-13T14:29:23.290Z

Insufficient escaping in the “Copy as cURL” feature could have been used to trick a user into executing unexpected code on Windows. This did not affect the application when running on other operating systems. This vulnerability was fixed in Firefox 144, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4.

Published: 2025-10-14T12:27:35.913Z
Updated: 2026-04-13T14:29:43.716Z

A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served without a content-type. This could have contributed to an XSS on a site that unsafely serves files without a content-type header. This vulnerability was fixed in Firefox 144, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4.

Published: 2025-10-14T12:27:35.544Z
Updated: 2026-04-13T14:29:40.795Z

There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable. This vulnerability was fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4.

Published: 2025-10-14T12:27:34.470Z
Updated: 2026-04-13T14:29:21.552Z

A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised process. This vulnerability was fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4.

Published: 2025-10-14T12:27:34.065Z
Updated: 2026-04-13T14:29:19.863Z

A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. This vulnerability was fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4.

Published: 2025-10-14T12:27:33.692Z
Updated: 2026-04-13T14:29:18.098Z

Use-after-free in MediaTrackGraphImpl::GetInstance(). This vulnerability was fixed in Firefox 144, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4.

Published: 2025-10-14T12:27:35.228Z
Updated: 2026-04-13T14:29:38.732Z

Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.

Published: 2025-09-16T12:26:37.029Z
Updated: 2026-04-13T14:28:25.818Z

Information disclosure in the Networking: Cache component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.

Published: 2025-09-16T12:26:36.546Z
Updated: 2026-04-13T14:28:24.046Z

Integer overflow in the SVG component. This vulnerability was fixed in Firefox 143, Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.

Published: 2025-09-16T12:26:34.655Z
Updated: 2026-04-13T14:28:19.829Z

Incorrect boundary conditions in the JavaScript: GC component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.

Published: 2025-09-16T12:26:36.188Z
Updated: 2026-04-13T14:28:17.996Z

Same-origin policy bypass in the Layout component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.

Published: 2025-09-16T12:26:35.822Z
Updated: 2026-04-13T14:28:12.191Z

Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.

Published: 2025-09-16T12:26:35.394Z
Updated: 2026-04-13T14:28:09.906Z

Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.

Published: 2025-09-16T12:26:35.079Z
Updated: 2026-04-13T14:28:08.186Z

An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird < 115.16.0.

Published: 2024-10-09T12:59:07.108Z
Updated: 2025-11-03T22:33:32.973Z

Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

Published: 2024-05-14T17:21:24.864Z
Updated: 2025-03-13T16:28:20.230Z

A file dialog shown while in full-screen mode could have resulted in the window remaining disabled. This vulnerability affects Firefox < 126.

Published: 2024-05-14T17:21:27.154Z
Updated: 2024-08-01T20:47:41.780Z

An iterator stop condition was missing when handling WASM code in the built-in profiler, potentially leading to invalid memory access and undefined behavior. *Note:* This issue only affects the application when the profiler is running. This vulnerability affects Firefox < 126.

Published: 2024-05-14T17:21:26.862Z
Updated: 2024-08-01T20:47:41.779Z

The `ShmemCharMapHashEntry()` code was susceptible to potentially undefined behavior by bypassing the move semantics for one of its data members. This vulnerability affects Firefox < 126.

Published: 2024-05-14T17:21:26.609Z
Updated: 2025-03-28T18:47:41.860Z

An HTTP digest authentication nonce value was generated using `rand()` which could lead to predictable values. This vulnerability affects Firefox < 126.

Published: 2024-05-14T17:21:26.111Z
Updated: 2024-11-20T15:25:54.388Z

A memory allocation check was missing which would lead to a use-after-free if the allocation failed. This could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox < 126.

Published: 2024-05-14T17:21:25.853Z
Updated: 2024-08-01T20:47:41.788Z

When saving a page to PDF, certain font styles could have led to a potential use-after-free crash. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

Published: 2024-05-14T17:21:24.594Z
Updated: 2025-02-13T17:53:40.744Z

When importing resources using Web Workers, error messages would distinguish the difference between `application/javascript` responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

Published: 2024-05-14T17:21:24.318Z
Updated: 2025-02-13T17:53:40.168Z

A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

Published: 2024-05-14T17:21:24.047Z
Updated: 2025-02-13T17:53:39.586Z

If the `browser.privatebrowsing.autostart` preference is enabled, IndexedDB files were not properly deleted when the window was closed. This preference is disabled by default in Firefox. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

Published: 2024-05-14T17:21:23.746Z
Updated: 2025-03-28T19:24:10.616Z

Multiple WebRTC threads could have claimed a newly connected audio input leading to use-after-free. This vulnerability affects Firefox < 126.

Published: 2024-05-14T17:21:25.110Z
Updated: 2024-08-01T20:47:41.789Z

A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

Published: 2024-05-14T17:21:23.486Z
Updated: 2026-05-12T11:30:41.220Z

Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.

Published: 2024-04-16T15:14:09.552Z
Updated: 2025-03-28T23:27:10.997Z