Mozilla Foundation Security Advisory 2026-21

Security Vulnerabilities fixed in Firefox ESR 115.34

Announced

March 24, 2026

Impact

high

Products

Firefox ESR

Fixed in

Firefox ESR 115.34

#CVE-2026-4684: Race condition, use-after-free in the Graphics: WebRender component

Reporter: Oskar L
Impact: high

References

Bug 2011129

#CVE-2026-4685: Incorrect boundary conditions in the Graphics: Canvas2D component

Reporter: Sajeeb Lohani
Impact: high

References

Bug 2016349

#CVE-2026-4686: Incorrect boundary conditions in the Graphics: Canvas2D component

Reporter: Sajeeb Lohani
Impact: high

References

Bug 2016351

#CVE-2026-4687: Sandbox escape due to incorrect boundary conditions in the Telemetry component

Reporter: Sajeeb Lohani
Impact: high

References

Bug 2016368

#CVE-2026-4689: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component

Reporter: Sajeeb Lohani
Impact: high

References

Bug 2016374

#CVE-2026-4690: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component

Reporter: Sajeeb Lohani
Impact: high

References

Bug 2016375

#CVE-2026-4691: Use-after-free in the CSS Parsing and Computation component

Reporter: Fabius Artrel
Impact: high

References

Bug 2017512

#CVE-2026-4692: Sandbox escape in the Responsive Design Mode component

Reporter: Tom Ritter
Impact: high

References

Bug 2017643

#CVE-2026-4693: Incorrect boundary conditions in the Audio/Video: Playback component

Reporter: Sajeeb Lohani
Impact: high

References

Bug 2018102

#CVE-2026-4694: Incorrect boundary conditions, integer overflow in the Graphics component

Reporter: Sajeeb Lohani
Impact: high

References

Bug 2018430

#CVE-2026-4696: Use-after-free in the Layout: Text and Fonts component

Reporter: Sota Wada
Impact: high

References

Bug 2020190

#CVE-2026-4698: JIT miscompilation in the JavaScript Engine: JIT component

Reporter: maxpl0it working with Trend Micro Zero Day Initiative
Impact: high

References

Bug 2020906

#CVE-2026-4699: Incorrect boundary conditions in the Layout: Text and Fonts component

Reporter: Matej Smycka
Impact: high

References

Bug 2021863

#CVE-2026-4706: Incorrect boundary conditions in the Graphics: Canvas2D component

Reporter: Jun Yang
Impact: moderate

References

Bug 2015091

#CVE-2026-4707: Incorrect boundary conditions in the Graphics: Canvas2D component

Reporter: Sajeeb Lohani
Impact: moderate

References

Bug 2015267

#CVE-2026-4709: Incorrect boundary conditions in the Audio/Video: GMP component

Reporter: Sajeeb Lohani
Impact: moderate

References

Bug 2016329

#CVE-2026-4721: Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149

Reporter: Christian Holler, Timothy Nikkel, Tom Schuster and the Mozilla Fuzzing Team
Impact: high

Description

Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

References

Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149

Firefox browsers

Mozilla VPN

Mozilla Monitor

Firefox Relay

MDN Plus

Thunderbird

Solo

0DIN

Tabstack

About Mozilla

The Mozilla Manifesto

Get Involved

Blog

Mozilla Foundation

Mozilla.ai

Mozilla Ventures

Mozilla Advertising

Mozilla Builders

Mozilla New Products

Security Vulnerabilities fixed in Firefox ESR 115.34

References

References

References

References

References

References

References

References

References

References

References

References

References

References

References

References

Description

References