wid-sec-w-2026-0850  ·  Published 2026-03-24  ·  Source: BSI CERT-Bund

Mozilla Firefox and Mozilla Thunderbird: Multiple Vulnerabilities

CVSS N/A NONE

Risk Summary

libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.

Spoofing issue in Thunderbird. This vulnerability was fixed in Thunderbird 149 and Thunderbird 140.9.

Race condition, use-after-free in the Graphics: WebRender component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Affected Vendors

Debian · Mozilla · Oracle · RESF · Red Hat · SUSE

Affected Products (10)

Mozilla · Firefox <149
Mozilla · Firefox 149
Mozilla · Firefox ESR <115.34
Mozilla · Firefox ESR 115.34
Mozilla · Firefox ESR <140.9
Mozilla · Firefox ESR 140.9
Mozilla · Thunderbird <149
Mozilla · Thunderbird 149
Mozilla · Thunderbird ESR <140.9
Mozilla · Thunderbird ESR 140.9
