EUVD-2026-37073
GHSA-98hp-r9fw-7cc3
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Primary rating from Vendor (mozilla) · only source for this CVE.
CVSS VectorVendor: mozilla
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
1DescriptionCVE.org
Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.
Articles & Coverage 1
Analysis
Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Threat intelligence, references, and detailed analysis are available after sign-in.
More from same product – last 7 days
Unauthenticated remote command execution in rclone's remote control daemon (rcd) affects versions 1.55.0 through 1.74.2
Same-origin policy bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 152 and Firefox
Security mitigation bypass in the DOM: Security component of Mozilla Firefox allows remote attackers to circumvent brows
Security mitigation bypass in the DOM: Security component of Mozilla Firefox prior to version 152 allows remote attacker
Privilege escalation in the WebRender graphics component of Mozilla Firefox enables remote attackers to elevate privileg
Share
External POC / Exploit Code
Leaving vuln.today