Mozilla Foundation Security Advisory 2026-31

Security Vulnerabilities fixed in Firefox ESR 115.35

Announced
April 21, 2026
Impact
high
Products
Firefox ESR
Fixed in
  • Firefox ESR 115.35

CVE-2026-6746: Use-after-free in the DOM: Core & HTML component

Reporter
Evyatar Ben Asher, Keane Lucas, Nicholas Carlini, Newton Cheng, Daniel Freeman, Alex Gaynor, and Joel Weinberger using Claude from Anthropic
Impact
high
References

CVE-2026-6749: Information disclosure due to uninitialized memory in the Graphics: Canvas2D component

Reporter
Inseo An
Impact
high
References

CVE-2026-6750: Privilege escalation in the Graphics: WebRender component

Reporter
choeseyeong
Impact
high
References

CVE-2026-6752: Incorrect boundary conditions in the WebRTC component

Reporter
jmwebdevelopement
Impact
high
References

CVE-2026-6754: Use-after-free in the JavaScript Engine component

Reporter
Xuehao Guo
Impact
high
References

CVE-2026-2781: Integer overflow in the Libraries component in NSS

Reporter
Clay Ver Valen
Impact
moderate
References

CVE-2026-6762: Spoofing issue in the DOM: Core & HTML component

Reporter
Farras Givari
Impact
moderate
References

CVE-2026-6767: Other issue in the Libraries component in NSS

Reporter
Haruto Kimura
Impact
moderate
References

CVE-2026-6772: Incorrect boundary conditions in the Libraries component in NSS

Reporter
sseehra
Impact
moderate
References

CVE-2026-6785: Memory safety bugs fixed in Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150

Reporter
Andrew McCreight, Ashley Zebrowski, Brian Grinstead, Christian Holler, Maurice Dauer, Tom Schuster and the Mozilla Fuzzing Team
Impact
high
Description

Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

References