
[CIVN-2026-0203] Multiple Vulnerabilities in Mozilla Products
Multiple Vulnerabilities in Mozilla Products
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Software Affected
Mozilla Firefox versions prior to 150
Mozilla Firefox ESR versions prior to 115.35
Mozilla Firefox ESR versions prior to 140.10
Mozilla Thunderbird versions prior to 140.10
Mozilla Thunderbird versions prior to 150
Overview
Multiple vulnerabilities have been reported in Mozilla products which could be exploited by a remote attacker to execute arbitrary code, perform spoofing attacks, bypass security restrictions or cause a denial-of-service (DoS) condition on the targeted system.
Target Audience:
All end-user organizations and individuals using Mozilla Products.
Risk Assessment:
High risk of unauthorized access to sensitive information.
Impact Assessment:
Potential for data theft, sensitive information disclosure and complete compromise of the system.
Description
Mozilla Firefox is a free and open-source web browser developed by the Mozilla Foundation, while Firefox ESR (Extended Support Release) is a stable version tailored for organizations that require long-term support with only security and maintenance updates.
Multiple vulnerabilities exist in Mozilla products due to use-after-free in the DOM: Core & HTML, WebRTC, JavaScript Engine, Widget: Cocoa and JavaScript: WebAssembly components; incorrect boundary conditions in the WebRTC component, the Libraries component in NSS, the DOM: Device Interfaces component and the WebRTC: Networking component; mitigation bypass in the file handling, DOM: Security, DOM: postMessage and Networking: Cookies components; and memory safety bugs. A remote attacker could exploit these vulnerabilities by convincing a victim to open a specially crafted web request.
Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code, perform spoofing attacks, bypass security restrictions or cause a denial-of-service (DoS) condition on the targeted system.
Solution
Apply appropriate updates as mentioned by the vendor:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/
https://www.mozilla.org/en-US/security/advisories/mfsa2026-31/
https://www.mozilla.org/en-US/security/advisories/mfsa2026-32/
https://www.mozilla.org/en-US/security/advisories/mfsa2026-33/
https://www.mozilla.org/en-US/security/advisories/mfsa2026-34/
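To find which installations still need these updates, the version thresholds in the Software Affected list can be applied to an asset inventory. The following is an added example, not part of the CERT-In advisory or Mozilla's tooling; the function names and inventory records are constructed, and it assumes ESR builds report a version string ending in "esr".

```python
import re
# First fixed versions, copied from the "Software Affected" list in this advisory.
FIXED = {
    ("firefox", "release"): [(150,)],
    ("firefox", "esr"): [(115, 35), (140, 10)],
    ("thunderbird", None): [(140, 10), (150,)],
}
VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(esr)?$", re.IGNORECASE)

def parse_version(text):
    """Return (numeric tuple, is_esr) for strings such as '140.9.0esr'."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.group(1).split(".")), bool(m.group(2))

def is_affected(product, version_text):
    """True if the install is older than the fixed build for its branch."""
    version, is_esr = parse_version(version_text)
    product = product.lower()
    if product == "firefox":
        fixes = FIXED[("firefox", "esr" if is_esr else "release")]
    elif product == "thunderbird":
        fixes = FIXED[("thunderbird", None)]
    else:
        raise ValueError(f"product not covered by this advisory: {product!r}")
    for fix in fixes:
        if fix[0] == version[0]:  # same major branch: compare inside it
            width = max(len(fix), len(version))
            pad = lambda v: v + (0,) * (width - len(v))
            return pad(version) < pad(fix)
    # No fixed build listed for this branch (e.g. ESR 128.x): it is affected
    # if it predates the newest fixed branch, so it has to move forward.
    return version[0] < max(f[0] for f in fixes)

INVENTORY = [  # constructed sample: (host, product, version string)
    ("ws-01", "firefox", "149.0.2"),
    ("ws-02", "firefox", "150.0"),
    ("ws-03", "firefox", "115.34.1esr"),
    ("ws-04", "firefox", "128.14.0esr"),
    ("ws-05", "firefox", "140.10.0esr"),
    ("mx-01", "thunderbird", "140.9.0esr"),
    ("mx-02", "thunderbird", "150.0"),
]

def triage(inventory):
    """Return the hosts that still need the update."""
    return [h for h, product, ver in inventory if is_affected(product, ver)]
```

Pre-release strings such as beta builds are rejected with `ValueError` rather than guessed at, so they surface for manual review.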
CVE Name
CVE-2026-2781
CVE-2026-6746
CVE-2026-6747
CVE-2026-6748
CVE-2026-6749
CVE-2026-6750
CVE-2026-6751
CVE-2026-6752
CVE-2026-6753
CVE-2026-6754
CVE-2026-6755
CVE-2026-6756
CVE-2026-6757
CVE-2026-6758
CVE-2026-6759
CVE-2026-6760
CVE-2026-6761
CVE-2026-6762
CVE-2026-6763
CVE-2026-6764
CVE-2026-6765
CVE-2026-6766
CVE-2026-6767
CVE-2026-6768
CVE-2026-6769
CVE-2026-6770
CVE-2026-6771
CVE-2026-6772
CVE-2026-6773
CVE-2026-6774
CVE-2026-6775
CVE-2026-6776
CVE-2026-6777
CVE-2026-6778
CVE-2026-6779
CVE-2026-6780
CVE-2026-6781
CVE-2026-6782
CVE-2026-6783
CVE-2026-6784
CVE-2026-6785
CVE-2026-6786
--
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax: 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003


