Skip to main content

Firefox Esr CVE-2026-5731

| EUVDEUVD-2026-19610 CRITICAL
Buffer Overflow (CWE-119)
2026-04-07 mozilla GHSA-fwrw-mfrr-q8px
9.8
CVSS 3.1 · Vendor: mozilla
Share

Severity by source

Vendor (mozilla) PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
SUSE
CRITICAL
qualitative
Red Hat
8.8 HIGH
qualitative

Primary rating from Vendor (mozilla).

CVSS VectorVendor: mozilla

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

7
Re-analysis Queued
Apr 16, 2026 - 19:07 vuln.today
cvss_changed
Analysis Updated
Apr 16, 2026 - 05:45 EUVD-patch-fix
executive_summary
Re-analysis Queued
Apr 16, 2026 - 05:29 backfill_euvd_patch
patch_released
Patch available
Apr 16, 2026 - 05:29 EUVD
115.34.1,140.9.1,149.0.2
EUVD ID Assigned
Apr 07, 2026 - 13:00 euvd
EUVD-2026-19610
Analysis Generated
Apr 07, 2026 - 13:00 vuln.today
CVE Published
Apr 07, 2026 - 12:43 nvd
CRITICAL 9.8

DescriptionCVE.org

Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 149.0.2, Firefox ESR < 115.34.1, and Firefox ESR < 140.9.1.

AnalysisAI

Remote code execution in Mozilla Firefox and Thunderbird via memory corruption vulnerabilities allows unauthenticated remote attackers to execute arbitrary code without user interaction. Affects Firefox <149.0.2, Firefox ESR <115.34.1, and Firefox ESR <140.9.1 across desktop platforms. With CVSS 9.8 (critical severity, network-accessible, no privileges required) and CWE-119 buffer overflow classification, this represents multiple memory safety bugs that Mozilla assessed could be exploited for arbitrary code execution. No public exploit identified at time of analysis; EPSS data not provided but critical browser vulnerabilities historically attract rapid exploitation interest.

Technical ContextAI

CWE-119 buffer overflow vulnerabilities represent memory boundary violations enabling arbitrary memory reads/writes in Firefox's rendering engine and core components. The Mozilla advisory references 28 distinct Bugzilla tickets spanning multiple subsystems, indicating a coordinated fix release addressing widespread memory safety issues discovered through Mozilla's internal security audits and fuzzing operations. CPE identifiers confirm impact across both Firefox mainline (consumer release channel) and Firefox ESR (Extended Support Release for enterprise deployments). Buffer overflow vulnerabilities in browser engines are particularly severe because they occur in the attack surface exposed to untrusted web content, allowing malicious websites or content to trigger memory corruption during HTML/CSS/JavaScript processing, media decoding, or network protocol handling. The multiple affected ESR branches (115.x and 140.x) indicate long-standing code patterns requiring remediation across major version lineages.

RemediationAI

Upgrade immediately to patched versions: Firefox 149.0.2 or later for mainline users, Firefox ESR 115.34.1 or later for organizations on the ESR 115 branch, and Firefox ESR 140.9.1 or later for ESR 140 branch deployments. Mozilla released these fixes simultaneously across all affected branches per security advisories MFSA2026-25 (https://www.mozilla.org/security/advisories/mfsa2026-25/), MFSA2026-26 (https://www.mozilla.org/security/advisories/mfsa2026-26/), and MFSA2026-27 (https://www.mozilla.org/security/advisories/mfsa2026-27/). Enterprise environments using centralized deployment tools should prioritize Firefox ESR updates through existing patch management workflows. No effective workarounds exist for memory corruption vulnerabilities in browser engines; version upgrade is the only remediation. Firefox's automatic update mechanism will deliver patches to consumer installations, but administrators should verify update completion across managed endpoints. Review the 28 referenced Bugzilla tickets for technical details if conducting impact assessment for custom Firefox builds or embedded Gecko applications.

CVE-2020-26950 HIGH POC
8.8 Dec 09

In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable

CVE-2026-4689 CRITICAL POC
10.0 Mar 24

A sandbox escape vulnerability exists in Firefox's XPCOM component due to incorrect boundary conditions and integer over

CVE-2022-29917 CRITICAL POC
9.8 Dec 22

Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bug

CVE-2014-1568 HIGH
7.5 Sep 25

Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozi

CVE-2022-26384 CRITICAL POC
9.6 Dec 22

If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scri

CVE-2022-34484 HIGH POC
8.8 Dec 22

The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Rated high severity (CVSS 8.8)

CVE-2022-28281 HIGH POC
8.8 Dec 22

If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent pr

CVE-2022-26381 HIGH POC
8.8 Dec 22

An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploi

CVE-2022-22756 HIGH POC
8.8 Dec 22

If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been

CVE-2022-22740 HIGH POC
8.8 Dec 22

Certain network request objects were freed too early when releasing a network request handle. Rated high severity (CVSS

CVE-2022-22738 HIGH POC
8.8 Dec 22

Applying a CSS filter effect could have accessed out of bounds memory. Rated high severity (CVSS 8.8), this vulnerabilit

CVE-2021-29988 HIGH POC
8.8 Aug 17

Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory

Vendor StatusVendor

SUSE

Severity: Critical
Product Status
SUSE Liberty Linux 10 Fixed
SUSE Liberty Linux 8 Fixed
SUSE Liberty Linux 9 Fixed
SUSE Linux Enterprise Desktop 15 SP7 SUSE Linux Enterprise Server 15 SP7 SUSE Linux Enterprise Server for SAP Applications 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS Fixed

Share

CVE-2026-5731 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy