Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2026-AVI-0354
Vulnerability from certfr_avis - Published: 2026-03-25 - Updated: 2026-03-25
De multiples vulnérabilités ont été découvertes dans les produits Mozilla. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mozilla | Firefox | Firefox versions antérieures à 149 | ||
| Mozilla | Thunderbird | Thunderbird versions antérieures à 140.9 | ||
| Mozilla | Thunderbird | Thunderbird versions antérieures à 149 | ||
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 140.9 | ||
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 115.34 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Firefox versions ant\u00e9rieures \u00e0 149",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 140.9",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 149",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 140.9",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 115.34",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-4684",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4684"
},
{
"name": "CVE-2026-4721",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4721"
},
{
"name": "CVE-2026-4725",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4725"
},
{
"name": "CVE-2026-4728",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4728"
},
{
"name": "CVE-2026-4720",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4720"
},
{
"name": "CVE-2026-4710",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4710"
},
{
"name": "CVE-2026-4694",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4694"
},
{
"name": "CVE-2026-4698",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4698"
},
{
"name": "CVE-2026-4690",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4690"
},
{
"name": "CVE-2026-4697",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4697"
},
{
"name": "CVE-2026-4689",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4689"
},
{
"name": "CVE-2026-4711",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4711"
},
{
"name": "CVE-2026-4706",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4706"
},
{
"name": "CVE-2026-4715",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4715"
},
{
"name": "CVE-2026-4729",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4729"
},
{
"name": "CVE-2026-4696",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4696"
},
{
"name": "CVE-2026-4726",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4726"
},
{
"name": "CVE-2026-4687",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4687"
},
{
"name": "CVE-2026-4709",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4709"
},
{
"name": "CVE-2025-59375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
},
{
"name": "CVE-2026-4714",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4714"
},
{
"name": "CVE-2026-4699",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4699"
},
{
"name": "CVE-2026-4695",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4695"
},
{
"name": "CVE-2026-4693",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4693"
},
{
"name": "CVE-2026-3889",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3889"
},
{
"name": "CVE-2026-4692",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4692"
},
{
"name": "CVE-2026-4701",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4701"
},
{
"name": "CVE-2026-4724",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4724"
},
{
"name": "CVE-2026-4705",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4705"
},
{
"name": "CVE-2026-4717",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4717"
},
{
"name": "CVE-2026-4700",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4700"
},
{
"name": "CVE-2026-4723",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4723"
},
{
"name": "CVE-2026-4688",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4688"
},
{
"name": "CVE-2026-4712",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4712"
},
{
"name": "CVE-2026-4707",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4707"
},
{
"name": "CVE-2026-4716",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4716"
},
{
"name": "CVE-2026-4704",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4704"
},
{
"name": "CVE-2026-4727",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4727"
},
{
"name": "CVE-2026-4722",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4722"
},
{
"name": "CVE-2026-4713",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4713"
},
{
"name": "CVE-2026-4718",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4718"
},
{
"name": "CVE-2026-4685",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4685"
},
{
"name": "CVE-2026-4702",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4702"
},
{
"name": "CVE-2026-4719",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4719"
},
{
"name": "CVE-2026-4708",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4708"
},
{
"name": "CVE-2026-4371",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4371"
},
{
"name": "CVE-2026-4691",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4691"
},
{
"name": "CVE-2026-4686",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4686"
}
],
"initial_release_date": "2026-03-25T00:00:00",
"last_revision_date": "2026-03-25T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0354",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-03-25T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Mozilla. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mozilla",
"vendor_advisories": [
{
"published_at": "2026-03-24",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2026-20",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/"
},
{
"published_at": "2026-03-24",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2026-24",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/"
},
{
"published_at": "2026-03-24",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2026-23",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23/"
},
{
"published_at": "2026-03-24",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2026-22",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/"
},
{
"published_at": "2026-03-24",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2026-21",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21/"
}
]
}
CVE-2025-59375 (GCVE-0-2025-59375)
Vulnerability from cvelistv5 – Published: 2025-09-15 00:00 – Updated: 2026-05-12 12:08
VLAI
EPSS
Summary
libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.
Severity
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| libexpat project | libexpat |
Affected:
0 , < 2.7.2
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59375",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-15T20:22:58.509715Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-15T20:23:08.737Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-05-01T14:25:12.055Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/09/16/2"
},
{
"url": "http://www.openwall.com/lists/oss-security/2026/05/01/5"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RST2428P",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XCH328",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XCM324",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XCM328",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XCM332",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XRH334 (24 V DC, 8xFO, CC)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XRM334 (230 V AC, 12xFO)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XRM334 (230 V AC, 8xFO)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XRM334 (24 V DC, 12xFO)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XRM334 (24 V DC, 8xFO)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XRM334 (2x230 V AC, 12xFO)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XRM334 (2x230 V AC, 8xFO)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T12:08:30.282Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-089022.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "libexpat",
"vendor": "libexpat project",
"versions": [
{
"lessThan": "2.7.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.7.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:T/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-17T13:21:47.961Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/libexpat/libexpat/issues/1018"
},
{
"url": "https://github.com/libexpat/libexpat/pull/1034"
},
{
"url": "https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74"
},
{
"url": "https://issues.oss-fuzz.com/issues/439133977"
},
{
"url": "https://github.com/libexpat/libexpat/blob/R_2_7_2/expat/Changes"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-59375",
"datePublished": "2025-09-15T00:00:00.000Z",
"dateReserved": "2025-09-15T00:00:00.000Z",
"dateUpdated": "2026-05-12T12:08:30.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3889 (GCVE-0-2026-3889)
Vulnerability from cvelistv5 – Published: 2026-03-24 20:27 – Updated: 2026-04-13 13:51
VLAI
EPSS
Title
Spoofing issue in Thunderbird
Summary
Spoofing issue in Thunderbird. This vulnerability was fixed in Thunderbird 149 and Thunderbird 140.9.
Severity
6.5 (Medium)
CWE
- CWE-451 - User Interface (UI) Misrepresentation of Critical Information
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Mozilla | Thunderbird |
Unaffected:
140.9 , ≤ 140.*
(rpm)
Unaffected: 149 , ≤ * (rpm) |
Credits
Eemeli Aro
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-3889",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-25T19:05:32.416050Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-451",
"description": "CWE-451 User Interface (UI) Misrepresentation of Critical Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T19:49:11.375Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.9",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "149",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Eemeli Aro"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Spoofing issue in Thunderbird. This vulnerability was fixed in Thunderbird 149 and Thunderbird 140.9."
}
],
"value": "Spoofing issue in Thunderbird. This vulnerability was fixed in Thunderbird 149 and Thunderbird 140.9."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T13:51:23.615Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2020723"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"
}
],
"title": "Spoofing issue in Thunderbird"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-3889",
"datePublished": "2026-03-24T20:27:14.437Z",
"dateReserved": "2026-03-10T16:23:43.463Z",
"dateUpdated": "2026-04-13T13:51:23.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4371 (GCVE-0-2026-4371)
Vulnerability from cvelistv5 – Published: 2026-03-24 20:27 – Updated: 2026-04-13 13:51
VLAI
EPSS
Title
Out of bounds read in IMAP parsing
Summary
A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were compromised, an attacker could cause the parser to malfunction, potentially crashing Thunderbird or leaking sensitive data. This vulnerability was fixed in Thunderbird 149 and Thunderbird 140.9.
Severity
7.4 (High)
CWE
- CWE-126 - Buffer Over-read
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Mozilla | Thunderbird |
Unaffected:
140.9 , ≤ 140.*
(rpm)
Unaffected: 149 , ≤ * (rpm) |
Credits
Rintaro Kobayashi
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-4371",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-25T16:24:48.052212Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-126",
"description": "CWE-126 Buffer Over-read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T16:24:50.635Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.9",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "149",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Rintaro Kobayashi"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were compromised, an attacker could cause the parser to malfunction, potentially crashing Thunderbird or leaking sensitive data. This vulnerability was fixed in Thunderbird 149 and Thunderbird 140.9."
}
],
"value": "A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were compromised, an attacker could cause the parser to malfunction, potentially crashing Thunderbird or leaking sensitive data. This vulnerability was fixed in Thunderbird 149 and Thunderbird 140.9."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T13:51:25.535Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2023493"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"
}
],
"title": "Out of bounds read in IMAP parsing"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-4371",
"datePublished": "2026-03-24T20:27:15.198Z",
"dateReserved": "2026-03-18T10:03:43.909Z",
"dateUpdated": "2026-04-13T13:51:25.535Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4684 (GCVE-0-2026-4684)
Vulnerability from cvelistv5 – Published: 2026-03-24 12:30 – Updated: 2026-04-13 13:46
VLAI
EPSS
Title
Race condition, use-after-free in the Graphics: WebRender component
Summary
Race condition, use-after-free in the Graphics: WebRender component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
Severity
7.5 (High)
CWE
Assigner
References
6 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Mozilla | Firefox |
Unaffected:
115.34 , ≤ 115.*
(rpm)
Unaffected: 140.9 , ≤ 140.* (rpm) Unaffected: 149 , ≤ * (rpm) |
|
| Mozilla | Thunderbird |
Unaffected:
140.9 , ≤ 140.*
(rpm)
Unaffected: 149 , ≤ * (rpm) |
Credits
Oskar L
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-4684",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-24T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T03:55:48.183Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "115.*",
"status": "unaffected",
"version": "115.34",
"versionType": "rpm"
},
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.9",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "149",
"versionType": "rpm"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.9",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "149",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Oskar L"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Race condition, use-after-free in the Graphics: WebRender component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9."
}
],
"value": "Race condition, use-after-free in the Graphics: WebRender component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T13:46:22.818Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2011129"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-21/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"
}
],
"title": "Race condition, use-after-free in the Graphics: WebRender component"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-4684",
"datePublished": "2026-03-24T12:30:20.420Z",
"dateReserved": "2026-03-23T23:21:29.581Z",
"dateUpdated": "2026-04-13T13:46:22.818Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4685 (GCVE-0-2026-4685)
Vulnerability from cvelistv5 – Published: 2026-03-24 12:30 – Updated: 2026-05-07 14:49
VLAI
EPSS
Title
Incorrect boundary conditions in the Graphics: Canvas2D component
Summary
Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
Severity
7.5 (High)
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
6 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Mozilla | Firefox |
Unaffected:
115.34 , ≤ 115.*
(rpm)
Unaffected: 140.9 , ≤ 140.* (rpm) Unaffected: 149 , ≤ * (rpm) |
|
| Mozilla | Thunderbird |
Unaffected:
140.9 , ≤ 140.*
(rpm)
Unaffected: 149 , ≤ * (rpm) |
Credits
Sajeeb Lohani
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-4685",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-26T12:43:23.356262Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T14:49:55.459Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "115.*",
"status": "unaffected",
"version": "115.34",
"versionType": "rpm"
},
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.9",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "149",
"versionType": "rpm"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.9",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "149",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sajeeb Lohani"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9."
}
],
"value": "Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T13:47:24.448Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016349"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-21/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"
}
],
"title": "Incorrect boundary conditions in the Graphics: Canvas2D component"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-4685",
"datePublished": "2026-03-24T12:30:21.064Z",
"dateReserved": "2026-03-23T23:21:31.793Z",
"dateUpdated": "2026-05-07T14:49:55.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4686 (GCVE-0-2026-4686)
Vulnerability from cvelistv5 – Published: 2026-03-24 12:30 – Updated: 2026-05-07 14:50
VLAI
EPSS
Title
Incorrect boundary conditions in the Graphics: Canvas2D component
Summary
Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
Severity
7.5 (High)
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
6 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Mozilla | Firefox |
Unaffected:
115.34 , ≤ 115.*
(rpm)
Unaffected: 140.9 , ≤ 140.* (rpm) Unaffected: 149 , ≤ * (rpm) |
|
| Mozilla | Thunderbird |
Unaffected:
140.9 , ≤ 140.*
(rpm)
Unaffected: 149 , ≤ * (rpm) |
Credits
Sajeeb Lohani
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-4686",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-26T12:44:29.643481Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T14:50:23.927Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "115.*",
"status": "unaffected",
"version": "115.34",
"versionType": "rpm"
},
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.9",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "149",
"versionType": "rpm"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.9",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "149",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sajeeb Lohani"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9."
}
],
"value": "Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T13:48:30.630Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016351"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-21/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"
}
],
"title": "Incorrect boundary conditions in the Graphics: Canvas2D component"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-4686",
"datePublished": "2026-03-24T12:30:21.639Z",
"dateReserved": "2026-03-23T23:21:33.801Z",
"dateUpdated": "2026-05-07T14:50:23.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4687 (GCVE-0-2026-4687)
Vulnerability from cvelistv5 – Published: 2026-03-24 12:30 – Updated: 2026-04-13 13:48
VLAI
EPSS
Title
Sandbox escape due to incorrect boundary conditions in the Telemetry component
Summary
Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
Severity
9.6 (Critical)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
6 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Mozilla | Firefox |
Unaffected:
115.34 , ≤ 115.*
(rpm)
Unaffected: 140.9 , ≤ 140.* (rpm) Unaffected: 149 , ≤ * (rpm) |
|
| Mozilla | Thunderbird |
Unaffected:
140.9 , ≤ 140.*
(rpm)
Unaffected: 149 , ≤ * (rpm) |
Credits
Sajeeb Lohani
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-4687",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-25T03:55:57.976646Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T14:06:49.307Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "115.*",
"status": "unaffected",
"version": "115.34",
"versionType": "rpm"
},
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.9",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "149",
"versionType": "rpm"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.9",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "149",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sajeeb Lohani"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9."
}
],
"value": "Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T13:48:33.096Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016368"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-21/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"
}
],
"title": "Sandbox escape due to incorrect boundary conditions in the Telemetry component"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-4687",
"datePublished": "2026-03-24T12:30:22.179Z",
"dateReserved": "2026-03-23T23:21:35.819Z",
"dateUpdated": "2026-04-13T13:48:33.096Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4688 (GCVE-0-2026-4688)
Vulnerability from cvelistv5 – Published: 2026-03-24 12:30 – Updated: 2026-04-13 13:48
VLAI
EPSS
Title
Sandbox escape due to use-after-free in the Disability Access APIs component
Summary
Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
Severity
9.6 (Critical)
CWE
- CWE-416 - Use After Free
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Mozilla | Firefox |
Unaffected:
140.9 , ≤ 140.*
(rpm)
Unaffected: 149 , ≤ * (rpm) |
|
| Mozilla | Thunderbird |
Unaffected:
140.9 , ≤ 140.*
(rpm)
Unaffected: 149 , ≤ * (rpm) |
Credits
Sajeeb Lohani
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-4688",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-25T03:55:59.035622Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T14:08:27.170Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.9",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "149",
"versionType": "rpm"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.9",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "149",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sajeeb Lohani"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9."
}
],
"value": "Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T13:48:35.360Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016373"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"
}
],
"title": "Sandbox escape due to use-after-free in the Disability Access APIs component"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-4688",
"datePublished": "2026-03-24T12:30:22.710Z",
"dateReserved": "2026-03-23T23:21:37.949Z",
"dateUpdated": "2026-04-13T13:48:35.360Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4689 (GCVE-0-2026-4689)
Vulnerability from cvelistv5 – Published: 2026-03-24 12:30 – Updated: 2026-04-13 13:48
VLAI
EPSS
Title
Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component
Summary
Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
Severity
10 (Critical)
CWE
Assigner
References
6 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Mozilla | Firefox |
Unaffected:
115.34 , ≤ 115.*
(rpm)
Unaffected: 140.9 , ≤ 140.* (rpm) Unaffected: 149 , ≤ * (rpm) |
|
| Mozilla | Thunderbird |
Unaffected:
140.9 , ≤ 140.*
(rpm)
Unaffected: 149 , ≤ * (rpm) |
Credits
Sajeeb Lohani
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-4689",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-25T03:56:00.258280Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T14:05:39.137Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "115.*",
"status": "unaffected",
"version": "115.34",
"versionType": "rpm"
},
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.9",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "149",
"versionType": "rpm"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.9",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "149",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sajeeb Lohani"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9."
}
],
"value": "Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T13:48:38.103Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016374"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-21/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"
}
],
"title": "Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-4689",
"datePublished": "2026-03-24T12:30:23.260Z",
"dateReserved": "2026-03-23T23:21:39.901Z",
"dateUpdated": "2026-04-13T13:48:38.103Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4690 (GCVE-0-2026-4690)
Vulnerability from cvelistv5 – Published: 2026-03-24 12:30 – Updated: 2026-04-13 13:48
VLAI
EPSS
Title
Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component
Summary
Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
Severity
9.6 (Critical)
CWE
Assigner
References
6 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Mozilla | Firefox |
Unaffected:
115.34 , ≤ 115.*
(rpm)
Unaffected: 140.9 , ≤ 140.* (rpm) Unaffected: 149 , ≤ * (rpm) |
|
| Mozilla | Thunderbird |
Unaffected:
140.9 , ≤ 140.*
(rpm)
Unaffected: 149 , ≤ * (rpm) |
Credits
Sajeeb Lohani
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-4690",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-25T03:56:01.292493Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T14:07:54.846Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "115.*",
"status": "unaffected",
"version": "115.34",
"versionType": "rpm"
},
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.9",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "149",
"versionType": "rpm"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.9",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "149",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sajeeb Lohani"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9."
}
],
"value": "Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T13:48:40.559Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016375"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-20/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-21/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"
}
],
"title": "Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-4690",
"datePublished": "2026-03-24T12:30:23.812Z",
"dateReserved": "2026-03-23T23:21:42.156Z",
"dateUpdated": "2026-04-13T13:48:40.559Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…