—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Multiple Vulnerabilities in Mozilla Products

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: HIGH

Software Affected

Mozilla Firefox versions prior to 148.0.2

Overview

Multiple vulnerabilities have been reported in Mozilla products which could allow a remote attacker to execute arbitrary code or bypass security restriction on the targeted system.

Target Audience:

All end-user organizations and individuals using Mozilla Products.

Risk Assessment:

High risk of unauthorized access to sensitive information.

Impact Assessment:

Potential for data theft, sensitive information disclosure and complete compromise of system.

Description

Mozilla Firefox is a free and open-source web browser developed by Mozilla foundation, while Firefox ESR (Extended support Release) is a stable version tailored for organizations that re-quire long-term support with only security and maintenance updates.

Multiple vulnerabilities exist in Mozilla products due to Heap buffer overflow in the Audio/Video: Playback component in Firefox for Android; Same-origin policy bypass in the CSS Parsing and Computation component and Memory safety bugs. A remote attacker could exploit these vulnerabilities by convincing a victim to open a specially crafted web request.

Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code or bypass security restriction on the targeted system.

Solution

Apply appropriate updates as mentioned by the vendor:

https://www.mozilla.org/en-US/security/advisories/mfsa2026-19/

References

Mozilla

https://www.mozilla.org/en-US/security/advisories/mfsa2026-19/

CVE Name

CVE-2026-3845

CVE-2026-3846

CVE-2026-3847

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmm0MyUACgkQ3jCgcSdc

ys87iw/9GqP3pBTsBd2DfrrZadlR5IZ75FWZ5ggGBOYuMyuM4+lWOZao2Q2asK5D

YcvO3eMnpF6AtLE72yucz+AYo5yCoJ4S9ykjJX3Ca0J8FVS3ZdaspnSEfFUypNMr

FVUex85ZwFqvthm/v6RNXMIUXrXbIKClp0mt5sUGUaCukD8UGs+b5Y4yPpWC68FK

/zTHS7Gwy5MKtznf+XqNdNSb9UhKwJ9W6OcDacClmU0EOl73AsESLE4yvagIIUqV

82A/HM4b2xEDi+kkiROGVFFqge0eygLrZtghe9Xzklz7WAF4DW5vwdU7bDCukQW0

DsGzRVSivAUYjgupKSSf1Ady/01WXNqz9m9c6hN9uTesKjMZa6C7zPc1qBj4WNhB

ONyMlcBTy5m+Us2Bunuo0wuELzVRel5L1fAywMSVfT1dBF8blYFghNijRP9QD7NR

JGkwJPaz9cyh6YNttmf9YIiP102BzY1cYLpatXaeTObpypBF6SratI1qt7xU1g3a

qc5Gb3F9437VpeXm3HsAS/eXl7dUClHqFMnneP3X5+NCKS1dVf9ZeZqr50WiZBiM

H+AQa3tKqMdlEyh9Jsn4QtqKczsc+jHF2EZHDu+7aLGqq/ZvCuCqrtfBUYq8+Gjt

CJw897wEx8hVJ2OsssYmJawzVZT4uAG0ikvRJiTxfqFsnZHR2nI=

=/Qpl

—–END PGP SIGNATURE—–