
[CIVN-2026-0194] Multiple Vulnerabilities in Mozilla Products
Indian Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Software Affected
Mozilla Firefox versions prior to 149.0.2
Mozilla Firefox ESR versions prior to 140.9.1
Mozilla Firefox ESR versions prior to 115.34.1
Mozilla Thunderbird versions prior to 149.0.2
Mozilla Thunderbird ESR versions prior to 140.9.1
Overview
Multiple vulnerabilities have been reported in Mozilla products which could allow a remote attacker to execute arbitrary code, cause a denial-of-service (DoS) condition, or gain unauthorized access to sensitive information on the targeted system.
Target Audience:
All end-user organizations and individuals using Mozilla Firefox and Thunderbird products.
Risk Assessment:
High risk of remote system compromise and unauthorized data access.
Impact Assessment:
Potential for remote code execution (RCE), system instability leading to denial-of-service, and the disclosure of sensitive user information.
Description
Multiple vulnerabilities exist in Mozilla products due to memory safety bugs, incorrect boundary conditions, and integer overflows in the Graphics: Text component. A remote attacker could exploit these vulnerabilities by enticing a victim to visit a specially crafted website.
Successful exploitation could allow a remote attacker to execute arbitrary code, cause a denial-of-service (DoS) condition, or gain unauthorized access to sensitive information on the targeted system.
Solution
Apply appropriate updates as mentioned by the vendor:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-25/
https://www.mozilla.org/en-US/security/advisories/mfsa2026-26/
https://www.mozilla.org/en-US/security/advisories/mfsa2026-27/
https://www.mozilla.org/en-US/security/advisories/mfsa2026-28/
https://www.mozilla.org/en-US/security/advisories/mfsa2026-29/
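To find installs that still need these updates, the check below compares an inventory against the fixed versions in the Software Affected list, matching each ESR install to the fix for its own branch. It is an added example, not part of the CERT-In or Mozilla advisories; the inventory rows, host names, and the explicit "channel" field are constructed assumptions.

```python
import re

# Fixed versions copied from the "Software Affected" list of this advisory.
FIXED = {
    ("firefox", "release"): [(149, 0, 2)],
    ("firefox", "esr"): [(140, 9, 1), (115, 34, 1)],
    ("thunderbird", "release"): [(149, 0, 2)],
    ("thunderbird", "esr"): [(140, 9, 1)],
}

def parse_version(text):
    """Turn '140.9.1esr' or '149.0' into a 3-part tuple such as (149, 0, 0)."""
    m = re.match(r"\s*(\d+(?:\.\d+){0,2})", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def is_affected(product, channel, version):
    """True if the install is older than the fix that applies to its branch."""
    fixes = FIXED[(product.lower(), channel.lower())]
    v = parse_version(version)
    for fix in fixes:
        if fix[0] == v[0]:  # same major branch, e.g. ESR 115.x
            return v < fix
    # No fix is listed for this branch: compare with the newest fixed version,
    # so an ESR 128.x install counts as "prior to 140.9.1".
    return v < max(fixes)

# Constructed sample inventory: (host, product, channel, version).
INVENTORY = [
    ("ws-01", "Firefox", "release", "149.0.1"),
    ("ws-02", "Firefox", "esr", "115.34.1esr"),
    ("ws-03", "Firefox", "esr", "140.9.0esr"),
    ("ws-04", "Thunderbird", "release", "149.0.2"),
    ("ws-05", "Thunderbird", "esr", "128.11.0esr"),
    ("ws-06", "Firefox", "release", "150.0"),
]

def affected_hosts(inventory):
    """Return the hosts whose install still needs the update."""
    return [host for host, p, c, v in inventory if is_affected(p, c, v)]

if __name__ == "__main__":
    for host in affected_hosts(INVENTORY):
        print("needs update:", host)
```

A plain "less than 140.9.1" comparison would wrongly flag ws-02, which is already on the fixed 115.34.1 ESR release.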
Vendor Information
Mozilla
https://www.mozilla.org/
CVE Name
CVE-2026-5731
CVE-2026-5732
CVE-2026-5733
CVE-2026-5734
CVE-2026-5735
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax: 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003


