—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Multiple Vulnerabilities in Mozilla Products

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: HIGH

Software Affected

Mozilla Firefox versions prior to 150.0.3

Overview

Multiple vulnerabilities have been reported in Mozilla products which could be exploited by a remote attacker to execute arbitrary code on the targeted system.

Target Audience:

All end-user organizations and individuals using Mozilla Products.

Risk Assessment:

High risk of unauthorized access to sensitive information.

Impact Assessment:

Potential for data theft, sensitive information disclosure and complete compromise of system.

Description

Mozilla Firefox is a free and open-source web browser developed by Mozilla foundation, while Firefox ESR (Extended support Release) is a stable version tailored for organizations that require long-term support with only security and maintenance updates.

Multiple vulnerabilities exist in Mozilla products due to Incorrect boundary conditions in the JavaScript Engine: JIT component; JIT miscompilation in the JavaScript Engine: JIT component; Use-after-free in the JavaScript: WebAssembly component; other issue in the JavaScript Engine component and Sandbox escape in the Profile Backup component. A remote attacker could exploit these vulnerabilities by convincing a victim to open a specially crafted web request.

Successful exploitation of these vulnerabilities which could be exploited by a remote attacker to execute arbitrary code on the targeted system.

Solution

Apply appropriate updates as mentioned by the vendor:

https://www.mozilla.org/en-US/security/advisories/mfsa2026-45/

References

Mozilla

https://www.mozilla.org/en-US/security/advisories/mfsa2026-45/

CVE Name

CVE-2026-8388

CVE-2026-8389

CVE-2026-8390

CVE-2026-8391

CVE-2026-8401

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmoF5tcACgkQ3jCgcSdc

ys+WIw//QS/uDpG9y9XUr0nsoQnCs9THnBn857u7Eb0OVTFDSKn7xjNOC8Jdq18e

IulWRSyswr3hrbHNFcXKEmT2cMPybQ1bA+UwLXckIRMlShV4xc5sQ4k1s0Cmtly2

Y1f2gmUZRx4IAFxUUKsuF0acwA65tGtXqGk8nzL8Scr5A+qoJ59nLg7/CszqynS1

sTajJv36DERXCQ/MCwQSasenM8GNZyqjB/c+zi/sGW93+KXQkz9E+IzotdX0Lq0P

vkkez6NHokHDLqBBb39zxYpRKgUh8GZN8vEihAFAjxPIwRM/zdL8bSaLT8/67xAY

K+dPwgjWzXoOPmhVyrmMsDmAjXX/vbLLheDxj/0c81vdpp+TR0n9aX1ca5sJlr2j

Xmxa1iYHich751/q21LxJ/kU+petm9+gtb+Nqgar2sNa+4icq6pkuW8TqXxYyIwP

C8/zYVhEzQA/hHT+R+eX3cB8C2Z17+/FBCYbpPiejJWm/W4qDwJZzalme2lY3c+z

s9JquSwPa+QG+u/cVP6FZerWv/YoFBER09Zo8Ibcr2z7ez+n+RGsgeYEpZjGsFxO

sjaQXAynoGEIWow3XkOEyNkAbV/LDCnkj2CbS7Ab0teysHScU+48/YTJsqv4mH1B

LPPHAppBdcsqKTDLOETGvR3uKWlbUfr/mWM0zAYnxJ+2BhSyL0Q=

=sxiU

—–END PGP SIGNATURE—–