—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Multiple Vulnerabilities in Mozilla Firefox and Firefox ESR

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: CRITICAL

Software Affected

Mozilla Firefox ESR versions prior to 140.10.1

Mozilla Firefox ESR versions prior to 115.35.1

Mozilla Firefox versions prior to 150.0.1

Overview

Multiple vulnerabilities have been reported in Mozilla Firefox and Firefox ESR which could allow a remote attacker to execute arbitrary code on the targeted system.

Target Audience:

All end-user organizations and individuals using Mozilla Products.

Risk Assessment:

High risk of unauthorized system access, memory corruption, exposure of sensitive information or service disruption.

Impact Assessment:

Potential for data theft, system instability or complete compromise of system.

Description

Mozilla Firefox is a free and open-source web browser developed by Mozilla foundation, while Firefox ESR (Extended support Release) is a stable version tailored for organizations that re-quire long-term support with only security and maintenance updates.

Multiple vulnerabilities exist in Mozilla Firefox and Firefox ESR due to incorrect boundary conditions in the Audio/Video component and WebRTC and improper memory handling within browser components.

Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code, cause memory corruption, and crash the browser on the targeted system.

Solution

Apply appropriate updates as mentioned by the vendor:

https://www.mozilla.org/en-US/security/advisories/mfsa2026-37/

https://www.mozilla.org/en-US/security/advisories/mfsa2026-36/

https://www.mozilla.org/en-US/security/advisories/mfsa2026-35/

Vendor Information

Mozilla

https://www.mozilla.org/en-US/security/advisories/mfsa2026-37/

https://www.mozilla.org/en-US/security/advisories/mfsa2026-36/

https://www.mozilla.org/en-US/security/advisories/mfsa2026-35/

References

Mozilla

https://www.mozilla.org/en-US/security/advisories/mfsa2026-37/

https://www.mozilla.org/en-US/security/advisories/mfsa2026-36/

https://www.mozilla.org/en-US/security/advisories/mfsa2026-35/

CVE Name

CVE-2026-7320

CVE-2026-7321

CVE-2026-7322

CVE-2026-7323

CVE-2026-7324

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmn4qIEACgkQ3jCgcSdc

ys9JlhAAqQ4fCES8BwNV8FCnaT30P40iN8RYYI+MFVPFSGjoComI24Xzzs86EmtM

PHZmTghUW5eJXbrv049E+H9pBCEcNMl/0WRtyodLgJAMAtraKTD3++dKnxyt4oUh

2anlDrh55lT1xKAGTXF1XtLaQPEDuir1T46j5C8okQwxPJ2Ko31BDAj+6fXNevih

rBo4qxWqvvdr5HG5w+kuQG/hUYWyailk/ay5MAfrUEoAuMBbBP56Wk7S+eYGeVnq

nBml68yPJE/NjaJmRdHo6ffVkgZnsUM/X8Wmz9JXpEsHt+bGMKkufqRzCUJUNQjL

jH/CYyh8EZ2j35aIOwCDJTGt6+A2Twp1/xcKuDED0gDelPwIJqhzm0vLtop8mGAG

GOzkmum6K2XyQ6E1Yys31gIfgG8Ex7t7IwnQj+wuOe9PBEg1VgLBCFFMbfYrKtPE

wmbRU1hr8CmGuTSLwdW2i1YPjBj6KfbV1DHVP6srusuAS92o6Lc8kCaM8cJ8NxTd

ZA3/qip1Mfu3MEVvR2dJdOQXDEl2MObeZqf/2SSWtHsiuRgQ7Ugjv2lC47GIeSxa

YM5DDmDjYrxFjz/Iq6Y0mai0Cp6oGbCAlh/Gf+Qe5rdJ5rStChDDqUZhr6UtSloA

tVJyMGw9rDg0s13d2ARjFn6FqaWd0/ci2ix/O8McdRDkfl7h9x0=

=Nej+

—–END PGP SIGNATURE—–