Mozilla Firefox
Moderate fix1 remedy
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*
Moderate fix1 remedy
- 150.0.0
Mozilla Firefox and Thunderbird Memory Safety Vulnerability Allowing Potential Arbitrary Code Execution
Vulnerability
Patched
A critical memory safety vulnerability has been identified in multiple versions of Mozilla Firefox and Thunderbird. This issue is present in Firefox ESR 115.35.0, Firefox ESR 140.10.0, Thunderbird ESR 140.10.0, Firefox 150.0.0, and Thunderbird 150.0.0. Some of these memory safety bugs showed signs of memory corruption, and it is presumed that, with enough effort, they could have been exploited to execute arbitrary code.
Impact
Exploitation of this vulnerability could lead to arbitrary code execution.
Remediation
Users can upgrade to Firefox 150.0.1, Firefox ESR 140.10.1, Thunderbird ESR 140.10.1, or Firefox ESR 115.35.1 to address this vulnerability.
Added: Apr 28, 2026, 4:05 PM
Updated: Apr 28, 2026, 4:05 PM
Vulnerability Rating
Custom Algorithm
spread
8.4impact
7.5exploitability
3.6remediation
7.7relevance
6.9threat
0.0urgency
2.9incentive
0.0Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.