Is Memory Corruption affected by EUVD-2026-19614?

Critical memory corruption vulnerabilities in Mozilla Firefox versions below 149.0.2 and Firefox ESR below 140.9.1 allow unauthenticated remote attackers to execute arbitrary code on affected systems with a network-accessible attack vector requiring no user interaction.

EUVD-2026-19614

Q: How to fix EUVD-2026-19614?

Within 24 hours: Communicate mandatory upgrade requirement to all users and identify organizational Firefox deployment scope (standard and ESR versions). Within 7 days: Deploy Firefox 149.0.2 or later (standard) and Firefox ESR 140.9.1 or later via update management systems; verify deployment completion. Within 30 days: Conduct audit of Firefox usage in restricted-access environments and evaluate endpoint detection and response (EDR) coverage for memory exploitation signatures.

| CVE-2026-5734 CRITICAL

2026-04-07 mozilla

9.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Apr 07, 2026 - 13:00 vuln.today

EUVD ID Assigned

Apr 07, 2026 - 13:00 euvd

EUVD-2026-19614

CVE Published

Apr 07, 2026 - 12:43 nvd

CRITICAL 9.8

Description

Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 149.0.2 and Firefox ESR < 140.9.1.

Analysis

Multiple memory corruption vulnerabilities in Mozilla Firefox (< 149.0.2) and Firefox ESR (< 140.9.1) enable unauthenticated remote code execution with critical CVSS 9.8 severity. These memory safety bugs-including CWE-787 out-of-bounds write issues-affect both standard and Extended Support Release channels, with Mozilla confirming evidence of memory corruption exploitable for arbitrary code execution. …

Remediation

Within 24 hours: Communicate mandatory upgrade requirement to all users and identify organizational Firefox deployment scope (standard and ESR versions). Within 7 days: Deploy Firefox 149.0.2 or later (standard) and Firefox ESR 140.9.1 or later via update management systems; verify deployment completion. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +49

POC: 0

EUVD-2026-19614 vulnerability details – vuln.today

Back

EUVD-2026-19614

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

EUVD-2026-19614

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code