Is Memory Corruption affected by CVE-2026-5735?

Mozilla Firefox versions prior to 149.0.2 contain critical remote code execution vulnerabilities exploitable by unauthenticated network attackers without requiring user interaction, posing immediate risk to any organization with Firefox deployment in user endpoints or server environments.

CVE-2026-5735

Q: How to fix CVE-2026-5735?

Within 24 hours: Identify all Firefox deployments across endpoints and servers; disable Firefox or restrict network access until patched. Within 7 days: Obtain and deploy Firefox 149.0.2 or later to all affected systems; verify Thunderbird 149.0.1 patch status directly with Mozilla (Thunderbird patch confirmation pending). Within 30 days: Conduct endpoint security assessment on all Firefox-exposed systems for indicators of compromise; implement network segmentation to restrict unauthenticated Firefox processes.

EUVD-2026-19616 CRITICAL

2026-04-07 mozilla

9.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Apr 07, 2026 - 13:00 vuln.today

EUVD ID Assigned

Apr 07, 2026 - 13:00 euvd

EUVD-2026-19616

CVE Published

Apr 07, 2026 - 12:43 nvd

CRITICAL 9.8

Description

Memory safety bugs present in Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 149.0.2.

Analysis

Remote code execution in Mozilla Firefox versions prior to 149.0.2 stems from multiple memory safety bugs allowing unauthenticated network attackers to execute arbitrary code without user interaction. Mozilla confirmed memory corruption evidence across affected versions (Firefox 149.0.1 and Thunderbird 149.0.1), though Thunderbird patch status remains unconfirmed. …

Remediation

Within 24 hours: Identify all Firefox deployments across endpoints and servers; disable Firefox or restrict network access until patched. Within 7 days: Obtain and deploy Firefox 149.0.2 or later to all affected systems; verify Thunderbird 149.0.1 patch status directly with Mozilla (Thunderbird patch confirmation pending). …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +49

POC: 0

CVE-2026-5735 vulnerability details – vuln.today

Back

CVE-2026-5735

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-5735

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code