Skip to main content

Firefox Esr CVE-2026-4720

| EUVDEUVD-2026-14855 CRITICAL
Classic Buffer Overflow (CWE-120)
2026-03-24 mozilla GHSA-h6r3-p5gv-5qgc
9.8
CVSS 3.1 · Vendor: mozilla
Share

Severity by source

Vendor (mozilla) PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
SUSE
CRITICAL
qualitative
Red Hat
7.5 HIGH
qualitative

Primary rating from Vendor (mozilla).

CVSS VectorVendor: mozilla

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 24, 2026 - 12:45 euvd
EUVD-2026-14855
Analysis Generated
Mar 24, 2026 - 12:45 vuln.today
CVE Published
Mar 24, 2026 - 12:30 nvd
CRITICAL 9.8

DescriptionCVE.org

Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 149 and Firefox ESR < 140.9.

AnalysisAI

Multiple memory safety bugs affecting Firefox, Firefox ESR, Thunderbird, and Thunderbird ESR allow remote attackers to achieve arbitrary code execution through memory corruption vulnerabilities. Firefox versions prior to 149 and Firefox ESR versions prior to 140.9 are confirmed affected, with evidence suggesting these memory corruption issues could be exploited under sufficient effort. The vulnerability class encompasses buffer overflow and memory safety defects that demonstrate exploitation potential, though no active public exploitation has been documented at this time.

Technical ContextAI

These vulnerabilities represent a class of memory safety defects within the Mozilla Firefox and Thunderbird rendering engines, affecting both stable and extended support release (ESR) channels. The affected products are identified via CPE strings cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* and cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*, indicating the vulnerability spans multiple version ranges across both browsers. The root cause involves improper memory management and buffer handling within the browser's core execution environment, with multiple distinct bugs (referenced in buglist IDs 2004652, 2019372, 2021922, 2022567, 2022733) each contributing to memory corruption. While specific CWE classification is not provided in the advisory data, the tagging of buffer overflow and RCE capability indicates violations of memory safety boundaries within C/C++ code execution paths.

RemediationAI

Immediately upgrade Firefox to version 149 or later, and upgrade Firefox ESR to version 140.9 or later. Users of Thunderbird should upgrade to the corresponding patched versions released concurrently with the Firefox security update. Obtain patches directly from Mozilla's security advisory pages at https://www.mozilla.org/security/advisories/mfsa2026-20/ and https://www.mozilla.org/security/advisories/mfsa2026-22/. For environments where immediate patching is not feasible, consider enforcing browsing restrictions to trusted sites only, disabling JavaScript execution for untrusted content, and utilizing browser sandboxing features. Enterprise deployments should prioritize patch deployment within 48-72 hours given the RCE potential and memory corruption nature of the underlying bugs.

CVE-2020-26950 HIGH POC
8.8 Dec 09

In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable

CVE-2026-4689 CRITICAL POC
10.0 Mar 24

A sandbox escape vulnerability exists in Firefox's XPCOM component due to incorrect boundary conditions and integer over

CVE-2022-29917 CRITICAL POC
9.8 Dec 22

Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bug

CVE-2014-1568 HIGH
7.5 Sep 25

Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozi

CVE-2022-26384 CRITICAL POC
9.6 Dec 22

If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scri

CVE-2022-34484 HIGH POC
8.8 Dec 22

The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Rated high severity (CVSS 8.8)

CVE-2022-28281 HIGH POC
8.8 Dec 22

If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent pr

CVE-2022-26381 HIGH POC
8.8 Dec 22

An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploi

CVE-2022-22756 HIGH POC
8.8 Dec 22

If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been

CVE-2022-22740 HIGH POC
8.8 Dec 22

Certain network request objects were freed too early when releasing a network request handle. Rated high severity (CVSS

CVE-2022-22738 HIGH POC
8.8 Dec 22

Applying a CSS filter effect could have accessed out of bounds memory. Rated high severity (CVSS 8.8), this vulnerabilit

CVE-2021-29988 HIGH POC
8.8 Aug 17

Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory

Vendor StatusVendor

Debian

firefox
Release Status Fixed Version Urgency
sid vulnerable 148.0.2-1 -
(unstable) fixed (unfixed) -
firefox-esr
Release Status Fixed Version Urgency
bullseye vulnerable 115.14.0esr-1~deb11u1 -
bullseye (security) vulnerable 140.8.0esr-1~deb11u1 -
bookworm vulnerable 128.14.0esr-1~deb12u1 -
bookworm (security) vulnerable 140.8.0esr-1~deb12u1 -
trixie (security), trixie vulnerable 140.8.0esr-1~deb13u1 -
forky, sid vulnerable 140.8.0esr-1 -
(unstable) fixed (unfixed) -

SUSE

Severity: Critical
Product Status
Image SLES15-SP5-SAP-Azure-LI-BYOS Image SLES15-SP5-SAP-Azure-LI-BYOS-Production Image SLES15-SP5-SAP-Azure-VLI-BYOS Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production Image SLES15-SP6-SAP-Azure-LI-BYOS Image SLES15-SP6-SAP-Azure-LI-BYOS-Production Image SLES15-SP6-SAP-Azure-VLI-BYOS Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production Image SLES15-SP7-SAP-Azure-LI-BYOS-Production Image SLES15-SP7-SAP-Azure-VLI-BYOS-Production Affected
SUSE Liberty Linux 10 Fixed
SUSE Liberty Linux 8 Fixed
SUSE Liberty Linux 9 Fixed
SUSE Linux Enterprise Desktop 15 SP7 SUSE Linux Enterprise Server 15 SP7 SUSE Linux Enterprise Server for SAP Applications 15 SP7 Fixed

Share

CVE-2026-4720 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy