
[CIVN-2026-0166] Multiple Vulnerabilities in Mozilla Products
Indian Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Software Affected
Mozilla Firefox versions prior to 149
Mozilla Firefox ESR versions prior to 115.34
Mozilla Firefox ESR versions prior to 140.9
Mozilla Thunderbird versions prior to 140.9
Mozilla Thunderbird versions prior to 149
Overview
Multiple vulnerabilities have been reported in Mozilla products which could be exploited by a remote attacker to execute arbitrary code, perform spoofing attacks, bypass security restrictions or cause a denial-of-service (DoS) condition on the targeted system.
Target Audience:
All end-user organizations and individuals using Mozilla Products.
Risk Assessment:
High risk of unauthorized access to sensitive information.
Impact Assessment:
Potential for data theft, sensitive information disclosure and complete compromise of system.
Description
Mozilla Firefox is a free and open-source web browser developed by the Mozilla Foundation, while Firefox ESR (Extended Support Release) is a stable version tailored for organizations that require long-term support with only security and maintenance updates.
Multiple vulnerabilities exist in Mozilla products due to use-after-free in the Graphics: WebRender component, Disability Access APIs component, CSS Parsing and Computation component, Layout: Text and Fonts component, JavaScript Engine component and Widget: Cocoa component; incorrect boundary conditions in the Graphics: Canvas2D component, Audio/Video: Playback component, Graphics component, Audio/Video: Web Codecs component and Layout: Text and Fonts component; integer overflow in the XPCOM component and Graphics component; JIT miscompilation in the JavaScript Engine: JIT component; mitigation bypass in the Networking: HTTP component; and memory safety bugs. A remote attacker could exploit these vulnerabilities by convincing a victim to open a specially crafted web request.
Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code, perform spoofing attacks, bypass security restrictions or cause a denial-of-service (DoS) condition on the targeted system.
Solution
Apply appropriate updates as mentioned by the vendor:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/
https://www.mozilla.org/en-US/security/advisories/mfsa2026-21/
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/
https://www.mozilla.org/en-US/security/advisories/mfsa2026-23/
https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/
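To find which installs still need the updates above, the following added example (not part of the CERT-In advisory and not Mozilla tooling) classifies inventory records against the version floors in the Software Affected list. The product labels, the inventory rows and the rule that a build is judged against the floor of its own major branch are assumptions of this example.

```python
import re

# First fixed versions from the advisory's "Software Affected" list (labels are this example's).
FIXED_FLOORS = {
    "firefox": [(149,)],
    "firefox esr": [(115, 34), (140, 9)],
    "thunderbird": [(140, 9), (149,)],
}
VERSION_RE = re.compile(r"^(\d+(?:\.\d+){0,3})(?:esr)?$", re.IGNORECASE)


def parse_version(text):
    """Return a tuple of ints, or None when the string is not plain dotted digits."""
    match = VERSION_RE.match(text.strip())
    return tuple(int(p) for p in match.group(1).split(".")) if match else None


def at_least(version, floor):
    """Compare after zero-padding, so 149 and 149.0.0 are equal."""
    width = max(len(version), len(floor))
    return version + (0,) * (width - len(version)) >= floor + (0,) * (width - len(floor))


def classify(product, version_text):
    """Return 'affected', 'fixed' or 'unknown' for one inventory record."""
    floors = FIXED_FLOORS.get(product.strip().lower())
    version = parse_version(version_text)
    if floors is None or version is None:
        return "unknown"  # unlisted product or beta/odd version string: review by hand
    # Assumption: a build is judged against the floor of its own major branch;
    # on a branch the advisory does not list, it must reach the newest floor.
    same_branch = [f for f in floors if f[0] == version[0]]
    floor = same_branch[0] if same_branch else max(floors)
    return "fixed" if at_least(version, floor) else "affected"


# Constructed inventory rows (host, product, version); not real data.
SAMPLE_INVENTORY = [
    ("ws-01", "Firefox", "148.0.2"),
    ("ws-03", "Firefox ESR", "115.33.1esr"),
    ("ws-04", "Firefox ESR", "128.14.0esr"),
    ("ws-05", "Firefox ESR", "140.9.0esr"),
    ("ws-06", "Thunderbird", "141.0"),
    ("ws-07", "Thunderbird", "149.0b3"),
]

if __name__ == "__main__":
    for host, product, version in SAMPLE_INVENTORY:
        print(f"{host}  {product} {version}: {classify(product, version)}")
```

Records that come back as `unknown` are left for manual review rather than counted as patched.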
CVE Name
CVE-2025-59375
CVE-2026-3889
CVE-2026-4371
CVE-2026-4684
CVE-2026-4685
CVE-2026-4686
CVE-2026-4687
CVE-2026-4688
CVE-2026-4689
CVE-2026-4690
CVE-2026-4691
CVE-2026-4692
CVE-2026-4693
CVE-2026-4694
CVE-2026-4695
CVE-2026-4696
CVE-2026-4697
CVE-2026-4698
CVE-2026-4699
CVE-2026-4700
CVE-2026-4701
CVE-2026-4702
CVE-2026-4704
CVE-2026-4705
CVE-2026-4706
CVE-2026-4707
CVE-2026-4708
CVE-2026-4709
CVE-2026-4710
CVE-2026-4711
CVE-2026-4712
CVE-2026-4713
CVE-2026-4714
CVE-2026-4715
CVE-2026-4716
CVE-2026-4717
CVE-2026-4718
CVE-2026-4719
CVE-2026-4720
CVE-2026-4721
CVE-2026-4722
CVE-2026-4723
CVE-2026-4724
CVE-2026-4725
CVE-2026-4726
CVE-2026-4727
CVE-2026-4728
CVE-2026-4729
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax: 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003


