
[CIVN-2026-0358] Multiple Vulnerabilities in Mozilla Products
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
Multiple Vulnerabilities in Mozilla Products
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Software Affected
Mozilla Firefox versions prior to 152.0.4.
Mozilla Thunderbird versions prior to 152.0.1
Mozilla Thunderbird versions prior to 140.12.1
Overview
Multiple vulnerabilities have been reported in Mozilla products which could be exploited by a remote attacker to execute arbitrary code, sensitive information disclosure, or cause a Denial of Service (DoS) condition on the targeted system.
Target Audience:
All end user organizations and individuals using Mozilla products.
Risk Assessment:
High risk of remote code execution (RCE) and Denial of Service (DoS).
Impact Assessment:
Potential for sensitive information disclosure, denial of Service conditions and complete compromise of system.
Description
Mozilla Firefox is a free and open-source web browser developed by Mozilla Foundation, while Firefox ESR (Extended Support Release) is a stable version tailored for organizations that require long-term support with only security and maintenance updates.
Multiple vulnerabilities exist in Mozilla products due to memory safety issues, improper handling of LDAP responses, and insufficient sanitization of HTML chat messages. A remote attacker could exploit these vulnerabilities by persuading a victim to visit specially crafted web page.
Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code, inject phishing content, disclose sensitive information, or cause a Denial of Service (DoS) condition on the targeted system.
Solution
Apply appropriate updates as mentioned by the vendor:
https://www.mozilla.org/en-US/security/advisories/mfsa2026-62/
https://www.mozilla.org/en-US/security/advisories/mfsa2026-63/
https://www.mozilla.org/en-US/security/advisories/mfsa2026-64/
Vendor Information
Mozilla
https://www.mozilla.org/en-US/security/advisories/mfsa2026-62/
https://www.mozilla.org/en-US/security/advisories/mfsa2026-63/
https://www.mozilla.org/en-US/security/advisories/mfsa2026-64/
References
https://www.mozilla.org/en-US/security/advisories/mfsa2026-62/
https://www.mozilla.org/en-US/security/advisories/mfsa2026-63/
https://www.mozilla.org/en-US/security/advisories/mfsa2026-64/
CVE Name
CVE-2026-14241
CVE-2026-57962
CVE-2026-57963
– —
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
—–BEGIN PGP SIGNATURE—–
iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmpOYE8ACgkQ3jCgcSdc
ys+s+RAAhQ2Vtx3biRXvZ/btXHW+SCtqq80EHXf37w+sLlYhViS2/LtO9y4VK9gO
xhK+VpXiT/dze0GfMe1dISUTZWvbw0UuX3f6BpkQiy2uPu7ggiaYjoGdtVXUWRSm
33CDTpWLMawOFB8Hy6pk7tWMSzy/2iXcSty7X7koTg9W1RNyn0RH7e2MGXHD2qb8
MB3tFjVE82gljF9jPE9zPPiMWWNLIbHwF//ZJvcKP4DjVgalhiSzUlt2SXyyWaHy
HHQ5EEJ7nnl4GK1/yiUaXT4+H9uUr1KDKLUXqFKSKItW5pofx7hOkcok8tJvje13
rv63VcuNbsEsnD2oG4e7vWM9wisE5ceKVKGOVO8cAm6IepWkcikRK5e8Lq8V3nWO
YupJf3iQnUVStTjaPq71twO+vR3uvmFeFkm3LW78ntKvqYORgF807hYiykPv9EBS
tLVNbEZ/uUuhoAlO0Zif2Eo3hZ2BpAsByCT7WSIy3Xi8Siq4o7SavtxQoZ8P63xn
ny/N7cAB7VRxkrxxQNFOhiHw5tsSSq4echisnXPBOLnY+D15mqMNHxFNudHGmrMm
fCaWdLushaLthF1q7gG4P5eZVAh3AuhG99/S2UvyHT50OdGzoZQeqsNuEjDkeFoh
hmnH6uYQaJOuno44njvmgbJ9KZFpDm+1w6Vc2JecuFl4idbbSsI=
=9xeS
—–END PGP SIGNATURE—–


