wid-sec-w-2026-0997 · Published 2026-04-07 · View on BSI CERT-Bund ↗

Mozilla Firefox and Thunderbird: Multiple Vulnerabilities

CVSS 9.8 CRITICAL

Risk Summary

Incorrect boundary conditions, integer overflow in the Graphics: Text component. This vulnerability affects Firefox < 149.0.2, Firefox ESR < 140.9.1, Thunderbird < 149.0.2, and Thunderbird < 140.9.1.

CVEs (5)

CVE-2026-5731 CVE-2026-5732 CVE-2026-5733 CVE-2026-5734 CVE-2026-5735

Affected Vendors

Debian Mozilla SUSE

Affected Products (10)

Mozilla · Firefox <149.0.2

Mozilla · Firefox 149.0.2

Mozilla · Firefox ESR <115.34.1

Mozilla · Firefox ESR 115.34.1

Mozilla · Firefox ESR <140.9.1

Mozilla · Firefox ESR 140.9.1

Mozilla · Thunderbird <149.0.2

Mozilla · Thunderbird 149.0.2

Mozilla · Thunderbird <140.9.1

Mozilla · Thunderbird 140.9.1

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more