GHSA-rrjf-ccr2-ph7g

GHSA-rrjf-ccr2-ph7g PUBLISHED CVSS 9.800000190734863 CRITICAL

Memory safety bugs present in Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 149.0.2.

Risk Scores

CVSS v3.1

9.800000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Timeline

Apr 7, 2026 CVE Published
Apr 7, 2026 CVE Updated
Apr 10, 2026 Security Advisory

References

https://nvd.nist.gov/vuln/detail/CVE-2026-5735 advisory
https://bugzilla.mozilla.org/buglist.cgi?bug_id=2025475%2C2025477 url
https://www.mozilla.org/security/advisories/mfsa2026-25 url
https://www.mozilla.org/security/advisories/mfsa2026-28 url

Open in Interactive Console →