What is the CVSS score of EUVD-2026-19611?

EUVD-2026-19611 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Red Hat are affected by EUVD-2026-19611?

CVE-2026-5732 is a high-severity integer overflow vulnerability in Firefox and Firefox ESR that enables remote code execution when users visit malicious webpages.. A patch is available.

Red Hat EUVD-2026-19611

Q: How to fix or mitigate EUVD-2026-19611?

Within 24 hours: Inventory all Firefox and Firefox ESR deployments across the organization and identify affected versions (Firefox <149.0.2, ESR <140.9.1). Within 7 days: Deploy patches to Firefox 149.0.2 or later and Firefox ESR 140.9.1 or later via your standard endpoint update mechanism; consider disabling Firefox on unmanaged devices until patched. Within 30 days: Verify 100% patch compliance through automated scanning and review browser security policies to restrict web access to trusted domains only.

| CVE-2026-5732 HIGH

Integer Overflow or Wraparound (CWE-190)

2026-04-07 mozilla

GHSA-mj57-mxq8-qvw9

Buffer Overflow Integer Overflow Red Hat Mozilla Suse

8.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Updated

Apr 16, 2026 - 06:05 EUVD-patch-fix

executive_summary

Re-analysis Queued

Apr 16, 2026 - 05:29 backfill_euvd_patch

patch_released

Patch available

Apr 16, 2026 - 05:29 EUVD

140.9.1,149.0.2

EUVD ID Assigned

Apr 07, 2026 - 13:00 euvd

EUVD-2026-19611

Analysis Generated

Apr 07, 2026 - 13:00 vuln.today

CVE Published

Apr 07, 2026 - 12:43 nvd

HIGH 8.8

DescriptionNVD

Incorrect boundary conditions, integer overflow in the Graphics: Text component. This vulnerability affects Firefox < 149.0.2 and Firefox ESR < 140.9.1.

AnalysisAI

Integer overflow in Firefox and Firefox ESR text rendering engine allows remote attackers to achieve arbitrary code execution via specially crafted web content. Affects Firefox versions prior to 149.0.2 and Firefox ESR prior to 140.9.1. …

RemediationAI

Within 24 hours: Inventory all Firefox and Firefox ESR deployments across the organization and identify affected versions (Firefox <149.0.2, ESR <140.9.1). Within 7 days: Deploy patches to Firefox 149.0.2 or later and Firefox ESR 140.9.1 or later via your standard endpoint update mechanism; consider disabling Firefox on unmanaged devices until patched. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory