[CIVN-2026-0030] Multiple Vulnerabilities in Mozilla Products

Published On: January 20, 2026

Multiple Vulnerabilities in Mozilla Products 
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Software Affected
Mozilla Firefox for ESR versions prior to 115.32
Mozilla Firefox for ESR versions prior to 140.7
Mozilla Firefox versions prior to 147
Overview
Multiple vulnerabilities have been reported in Mozilla products which could be exploited by a remote attacker to execute arbitrary code, perform spoofing attacks or cause a denial-of-service (DoS) condition on the targeted system.
Target Audience
All end-user organizations and individuals using Mozilla Products.
Risk Assessment
High risk of remote code execution.
Impact Assessment
Potential for data theft, sensitive information disclosure and complete compromise of system.
Description
Mozilla Firefox is a free and open-source web browser developed by the Mozilla Foundation, while Firefox ESR (Extended Support Release) is a stable version tailored for organizations that require long-term support with only security and maintenance updates.
Multiple vulnerabilities exist in Mozilla products due to mitigation bypass in the DOM: Security component; sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component, integer overflow in the Graphics component; sandbox escape in the Messaging System component; use-after-free in the IPC component, JavaScript Engine component, JavaScript: GC component; information disclosure in the Networking component, XML component; incorrect boundary conditions in the Graphics component; clickjacking issue, information disclosure in the PDF Viewer component; denial-of-service in the DOM: Service Workers component; spoofing issue in the DOM: Copy & Paste and Drag & Drop component; memory safety bugs; spoofing issue in the Downloads Panel component. A remote attacker could exploit these vulnerabilities by convincing a victim to open a specially crafted web request.
Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code, perform spoofing attacks or cause a denial-of-service (DoS) condition on the targeted system.
Solution
Apply appropriate updates as mentioned by the vendor:
https://www.mozilla.org/en-US/security/advisories/
https://www.mozilla.org/en-US/security/advisories/mfsa2026-01/
https://www.mozilla.org/en-US/security/advisories/mfsa2026-02/
https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/
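To find which hosts still need the update, reported version strings can be compared against the fixed versions listed under Software Affected. The following is an added example, not part of the CERT-In advisory or Mozilla's tooling; it assumes version strings in the form printed by `firefox --version`, and the host names and inventory are constructed.

```python
import re

# Fixed versions taken from the "Software Affected" list in this advisory.
FIXED_RELEASE = (147,)
FIXED_ESR = {115: (115, 32), 140: (140, 7)}

_VERSION_RE = re.compile(r"(\d+(?:\.\d+)*)(esr)?", re.IGNORECASE)


def parse_version(text):
    """Return (version_tuple, is_esr) from text such as 'Mozilla Firefox 140.6.0esr'."""
    match = _VERSION_RE.search(text)
    if not match:
        return None
    numbers = tuple(int(part) for part in match.group(1).split("."))
    return numbers, match.group(2) is not None


def status(text):
    """Classify one reported version string as 'affected', 'fixed' or 'unknown'."""
    parsed = parse_version(text)
    if parsed is None:
        return "unknown"
    numbers, is_esr = parsed
    if not is_esr:
        return "fixed" if numbers >= FIXED_RELEASE else "affected"
    # Assumption: a 115.x ESR build is judged against 115.32; every other ESR
    # build is judged against 140.7, so older ESR branches count as affected.
    fixed = FIXED_ESR.get(numbers[0], FIXED_ESR[140])
    return "fixed" if numbers >= fixed else "affected"


# Constructed sample inventory: host name -> output collected from each host.
INVENTORY = {
    "ws-01": "Mozilla Firefox 146.0.1",
    "ws-02": "Mozilla Firefox 147.0",
    "ws-03": "Mozilla Firefox 115.31.0esr",
    "ws-04": "Mozilla Firefox 140.7.0esr",
    "ws-05": "Mozilla Firefox 128.14.0esr",
    "ws-06": "firefox: command not found",
}


def triage(inventory):
    """Map each host to its status so 'affected' and 'unknown' can be followed up."""
    return {host: status(text) for host, text in inventory.items()}


if __name__ == "__main__":
    for host, result in triage(INVENTORY).items():
        print(f"{host}: {result}")
```

Hosts reported as `unknown` returned no parsable version and need a manual check rather than being assumed patched.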
References
https://www.mozilla.org/en-US/security/advisories/
https://www.mozilla.org/en-US/security/advisories/mfsa2026-01/
https://www.mozilla.org/en-US/security/advisories/mfsa2026-02/
https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/
CVE Name
CVE-2025-14327
CVE-2026-0877
CVE-2026-0878
CVE-2026-0879
CVE-2026-0880
CVE-2026-0881
CVE-2026-0882
CVE-2026-0883
CVE-2026-0884
CVE-2026-0885
CVE-2026-0886
CVE-2026-0887
CVE-2026-0888
CVE-2026-0889
CVE-2026-0890
CVE-2026-0891
CVE-2026-0892
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003