VDB
CVE-2026-5735
CVE-2026-5735
PUBLISHED
Memory safety bugs present in Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 149.0.2.
EPSS 0.06% · 18.1th percentile
Risk Scores
EPSS Score
0.06%
18.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Thunderbird | unspecified |
| Mozilla | Firefox | unspecified |
Exploit Intelligence
- Memory safety bugs fixed in Firefox 149.0.2 and Thunderbird 149.0.2 (circl)
- https://www.mozilla.org/security/advisories/mfsa2026-25/ (circl)
- https://www.mozilla.org/security/advisories/mfsa2026-28/ (circl)
- 2026.xml (github-poc)
- 2026.xml (github-poc)
- 2026.xml (github-poc)
- 2026.xml (github-poc)
- 2026.xml (github-poc)
Timeline
- Apr 7, 2026 CVE Published
- Apr 7, 2026 CVE Updated
- Apr 7, 2026 Security Advisory
- Apr 8, 2026 EPSS Score
- Apr 8, 2026 Security Advisory
- May 18, 2026 EPSS Score
- May 19, 2026 EPSS Score
- May 20, 2026 EPSS Score
- May 21, 2026 EPSS Score
- May 22, 2026 EPSS Score
- May 23, 2026 EPSS Score
- May 24, 2026 EPSS Score
References
- Memory safety bugs fixed in Firefox 149.0.2 and Thunderbird 149.0.2 url
- https://www.mozilla.org/security/advisories/mfsa2026-25/ url
- https://www.mozilla.org/security/advisories/mfsa2026-28/ url
- https://nvd.nist.gov/vuln/detail/CVE-2026-5735 advisory
- https://www.mozilla.org/security/advisories/mfsa2026-25 url