Multiple vulnerabilities have been discovered in Mozilla products. These vulnerabilities allow an attacker to execute arbitrary code and create a security issue not specified by the vendor.
Risks
- Arbitrary code execution
- Unspecified by the vendor
Affected systems
- Firefox ESR versions prior to 115.35.2
- Firefox ESR versions prior to 140.10.2
- Firefox versions prior to 150.0.2
- Thunderbird ESR versions prior to 140.10.2
- Thunderbird versions prior to 140.10.2
- Thunderbird versions prior to 150.0.2
Immediate recommendations
Refer to the publisher’s security bulletin to obtain fixes (see Documentation section on this page of the CERT-FR website: https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0555/)