Mozilla

Mozilla, the company behind the Firefox browser and related internet services, has a critical vulnerability (CVSS 8.8) that can be exploited remotely without authentication or special privileges, requiring only user interaction to trigger. The flaw provides attackers with high-impact capabilities across confidentiality, integrity, and authenticity, allowing potential data theft, system compromise, and malicious modifications. Security teams should monitor for a patch expected by late June 2026 and prepare to deploy updates promptly once Mozilla releases the fix, as this vulnerability poses significant risk to Firefox users.