[CIVN-2026-0225] Multiple Vulnerabilities in Mozilla Firefox and Firefox ESR

Published on: May 9, 2026



Indian – Computer Emergency Response Team (https://www.cert-in.org.in)


Severity Rating: HIGH


Software Affected


Mozilla Firefox ESR versions prior to 140.10.2

Mozilla Firefox ESR versions prior to 115.35.2

Mozilla Firefox versions prior to 150.0.2

Overview


Multiple vulnerabilities have been reported in Mozilla Firefox and Firefox ESR which could allow a remote attacker to execute arbitrary code on the targeted system.


Target Audience:

All end-user organizations and individuals using Mozilla Products.


Risk Assessment:

High risk of unauthorized system access, memory corruption, exposure of sensitive information or service disruption.


Impact Assessment:

Potential for data theft, system instability or complete compromise of system.


Description


Mozilla Firefox is a free and open-source web browser developed by the Mozilla Foundation, while Firefox ESR (Extended Support Release) is a stable version tailored for organizations that require long-term support with only security and maintenance updates.


Multiple vulnerabilities exist in Mozilla Firefox and Firefox ESR due to a use-after-free in the DOM: Networking component, incorrect boundary conditions in the Audio/Video: Play component, and memory safety bugs. A remote attacker could exploit these vulnerabilities by convincing a victim to open a specially crafted web request.


Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code on the targeted system.


Solution


Apply appropriate updates as mentioned by the vendor:

https://www.mozilla.org/en-US/security/advisories/mfsa2026-40/


https://www.mozilla.org/en-US/security/advisories/mfsa2026-41/


https://www.mozilla.org/en-US/security/advisories/mfsa2026-42/
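
To check an inventory against the fixed versions listed under "Software Affected", the following added example (not part of the CERT-In advisory or Mozilla's tooling) classifies version strings as printed by `firefox --version`. The sample inventory is constructed, and treating an ESR branch with no listed fix as vulnerable until it reaches 140.10.2 is an assumption of this example.

```python
import re

# Fixed versions taken from the advisory's "Software Affected" list.
FIXED_RELEASE = (150, 0, 2)
FIXED_ESR = {115: (115, 35, 2), 140: (140, 10, 2)}

# Matches "Mozilla Firefox 140.10.2esr" as well as a bare "150.0.1".
VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(esr)?", re.IGNORECASE)

# Constructed sample inventory: (host, output of `firefox --version`).
SAMPLE_INVENTORY = [
    ("ws-01", "Mozilla Firefox 150.0.2"),
    ("ws-02", "Mozilla Firefox 149.0.1"),
    ("kiosk-07", "Mozilla Firefox 115.35.2esr"),
    ("kiosk-08", "Mozilla Firefox 115.34.0esr"),
    ("srv-03", "Mozilla Firefox 140.10.1esr"),
    ("lab-11", "Mozilla Firefox 128.14.0esr"),
    ("lab-12", "not installed"),
]


def parse_version(text):
    """Return ((major, minor, patch), is_esr), or None if no version is found."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    version = (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))
    return version, bool(m.group(4))


def classify(text):
    """Return 'patched', 'vulnerable' or 'unknown' for one version string."""
    parsed = parse_version(text)
    if parsed is None:
        return "unknown"
    version, is_esr = parsed
    if not is_esr:
        # A version without the "esr" suffix is held to the release threshold,
        # so an unlabelled ESR build is flagged rather than silently passed.
        return "patched" if version >= FIXED_RELEASE else "vulnerable"
    # Assumption: an ESR build is compared with the fix on its own branch;
    # branches with no listed fix are compared with 140.10.2.
    fixed = FIXED_ESR.get(version[0], FIXED_ESR[140])
    return "patched" if version >= fixed else "vulnerable"


def triage(inventory):
    """Return {host: status} for every host not confirmed patched."""
    results = ((host, classify(text)) for host, text in inventory)
    return {host: status for host, status in results if status != "patched"}
```

Hosts reported as "unknown" need a manual check, since the version string could not be parsed.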



Vendor Information


Mozilla

https://www.mozilla.org/en-US/security/advisories/mfsa2026-40/

https://www.mozilla.org/en-US/security/advisories/mfsa2026-41/

https://www.mozilla.org/en-US/security/advisories/mfsa2026-42/



CVE Name

CVE-2026-8090

CVE-2026-8091

CVE-2026-8092

CVE-2026-8093

CVE-2026-8094






Thanks and Regards,

CERT-In


Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS


Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003
