[CIVN-2026-0358] Multiple Vulnerabilities in Mozilla Products

By Published On: July 8, 2026

—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256


Multiple Vulnerabilities in Mozilla Products


Indian – Computer Emergency Response Team (https://www.cert-in.org.in)


Severity Rating: HIGH


Software Affected


Mozilla Firefox versions prior to 152.0.4.

Mozilla Thunderbird versions prior to 152.0.1

Mozilla Thunderbird versions prior to 140.12.1

Overview


Multiple vulnerabilities have been reported in Mozilla products which could be exploited by a remote attacker to execute arbitrary code, sensitive information disclosure, or cause a Denial of Service (DoS) condition on the targeted system.


Target Audience:

All end user organizations and individuals using Mozilla products.


Risk Assessment:

High risk of remote code execution (RCE) and Denial of Service (DoS).


Impact Assessment:

Potential for sensitive information disclosure, denial of Service conditions and complete compromise of system.


Description


Mozilla Firefox is a free and open-source web browser developed by Mozilla Foundation, while Firefox ESR (Extended Support Release) is a stable version tailored for organizations that require long-term support with only security and maintenance updates.


Multiple vulnerabilities exist in Mozilla products due to memory safety issues, improper handling of LDAP responses, and insufficient sanitization of HTML chat messages. A remote attacker could exploit these vulnerabilities by persuading a victim to visit specially crafted web page.


Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code, inject phishing content, disclose sensitive information, or cause a Denial of Service (DoS) condition on the targeted system.


Solution


Apply appropriate updates as mentioned by the vendor:

https://www.mozilla.org/en-US/security/advisories/mfsa2026-62/


https://www.mozilla.org/en-US/security/advisories/mfsa2026-63/


https://www.mozilla.org/en-US/security/advisories/mfsa2026-64/



Vendor Information


Mozilla

https://www.mozilla.org/en-US/security/advisories/mfsa2026-62/

https://www.mozilla.org/en-US/security/advisories/mfsa2026-63/

https://www.mozilla.org/en-US/security/advisories/mfsa2026-64/


References


 

https://www.mozilla.org/en-US/security/advisories/mfsa2026-62/

https://www.mozilla.org/en-US/security/advisories/mfsa2026-63/

https://www.mozilla.org/en-US/security/advisories/mfsa2026-64/


CVE Name

CVE-2026-14241

CVE-2026-57962

CVE-2026-57963




– —


Thanks and Regards,

CERT-In


Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS


Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–


iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmpOYE8ACgkQ3jCgcSdc

ys+s+RAAhQ2Vtx3biRXvZ/btXHW+SCtqq80EHXf37w+sLlYhViS2/LtO9y4VK9gO

xhK+VpXiT/dze0GfMe1dISUTZWvbw0UuX3f6BpkQiy2uPu7ggiaYjoGdtVXUWRSm

33CDTpWLMawOFB8Hy6pk7tWMSzy/2iXcSty7X7koTg9W1RNyn0RH7e2MGXHD2qb8

MB3tFjVE82gljF9jPE9zPPiMWWNLIbHwF//ZJvcKP4DjVgalhiSzUlt2SXyyWaHy

HHQ5EEJ7nnl4GK1/yiUaXT4+H9uUr1KDKLUXqFKSKItW5pofx7hOkcok8tJvje13

rv63VcuNbsEsnD2oG4e7vWM9wisE5ceKVKGOVO8cAm6IepWkcikRK5e8Lq8V3nWO

YupJf3iQnUVStTjaPq71twO+vR3uvmFeFkm3LW78ntKvqYORgF807hYiykPv9EBS

tLVNbEZ/uUuhoAlO0Zif2Eo3hZ2BpAsByCT7WSIy3Xi8Siq4o7SavtxQoZ8P63xn

ny/N7cAB7VRxkrxxQNFOhiHw5tsSSq4echisnXPBOLnY+D15mqMNHxFNudHGmrMm

fCaWdLushaLthF1q7gG4P5eZVAh3AuhG99/S2UvyHT50OdGzoZQeqsNuEjDkeFoh

hmnH6uYQaJOuno44njvmgbJ9KZFpDm+1w6Vc2JecuFl4idbbSsI=

=9xeS

—–END PGP SIGNATURE—–

Share this article