Mozilla Foundation Security Advisory 2026-32

Security Vulnerabilities fixed in Firefox ESR 140.10

Announced

April 21, 2026

Impact

high

Products

Firefox ESR

Fixed in

Firefox ESR 140.10

#CVE-2026-6746: Use-after-free in the DOM: Core & HTML component

Reporter: Evyatar Ben Asher, Keane Lucas, Nicholas Carlini, Newton Cheng, Daniel Freeman, Alex Gaynor, and Joel Weinberger using Claude from Anthropic
Impact: high

References

Bug 2014596

#CVE-2026-6747: Use-after-free in the WebRTC component

Reporter: Nan Wang
Impact: high

References

Bug 2021769

#CVE-2026-6748: Uninitialized memory in the Audio/Video: Web Codecs component

Reporter: Inseo An
Impact: high

References

Bug 2022604

#CVE-2026-6749: Information disclosure due to uninitialized memory in the Graphics: Canvas2D component

Reporter: Inseo An
Impact: high

References

Bug 2022610

#CVE-2026-6750: Privilege escalation in the Graphics: WebRender component

Reporter: choeseyeong
Impact: high

References

Bug 2023407

#CVE-2026-6751: Uninitialized memory in the Audio/Video: Web Codecs component

Reporter: Joren Afman
Impact: high

References

Bug 2025883

#CVE-2026-6752: Incorrect boundary conditions in the WebRTC component

Reporter: jmwebdevelopement
Impact: high

References

Bug 2027499

#CVE-2026-6753: Incorrect boundary conditions in the WebRTC component

Reporter: jmwebdevelopement
Impact: high

References

Bug 2027501

#CVE-2026-6754: Use-after-free in the JavaScript Engine component

Reporter: Xuehao Guo
Impact: high

References

Bug 2027541

#CVE-2026-6757: Invalid pointer in the JavaScript: WebAssembly component

Reporter: Evyatar Ben Asher, Keane Lucas, Nicholas Carlini, Newton Cheng, Daniel Freeman, Alex Gaynor, and Joel Weinberger using Claude from Anthropic
Impact: moderate

References

Bug 2013588

#CVE-2026-6759: Use-after-free in the Widget: Cocoa component

Reporter: Steven Michaud
Impact: moderate

References

Bug 2016164

#CVE-2026-6761: Privilege escalation in the Networking component

Reporter: kiyong
Impact: moderate

References

Bug 2017857

#CVE-2026-6762: Spoofing issue in the DOM: Core & HTML component

Reporter: Farras Givari
Impact: moderate

References

Bug 2021080

#CVE-2026-6763: Mitigation bypass in the File Handling component

Reporter: Tomoya Nakanishi
Impact: moderate

References

Bug 2021666

#CVE-2026-6764: Incorrect boundary conditions in the DOM: Device Interfaces component

Reporter: Florian
Impact: moderate

References

Bug 2022162

#CVE-2026-6765: Information disclosure in the Form Autofill component

Reporter: ABDULAZIZ ALASAIQAH
Impact: moderate

References

Bug 2022419

#CVE-2026-6766: Incorrect boundary conditions in the Libraries component in NSS

Reporter: Haruto Kimura
Impact: moderate

References

Bug 2023207

#CVE-2026-6767: Other issue in the Libraries component in NSS

Reporter: Haruto Kimura
Impact: moderate

References

Bug 2023209

#CVE-2026-6769: Privilege escalation in the Debugger component

Reporter: Tomoya Nakanishi
Impact: moderate

References

Bug 2023753

#CVE-2026-6770: Other issue in the Storage: IndexedDB component

Reporter: Dai
Impact: moderate

References

Bug 2024220

#CVE-2026-6771: Mitigation bypass in the DOM: Security component

Reporter: Rayhan Hanaputra
Impact: moderate

References

Bug 2025067

#CVE-2026-6772: Incorrect boundary conditions in the Libraries component in NSS

Reporter: sseehra
Impact: moderate

References

Bug 2026089

#CVE-2026-6776: Incorrect boundary conditions in the WebRTC: Networking component

Reporter: Nan Wang
Impact: low

References

Bug 2021770

#CVE-2026-6785: Memory safety bugs fixed in Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150

Reporter: Andrew McCreight, Ashley Zebrowski, Brian Grinstead, Christian Holler, Maurice Dauer, Tom Schuster and the Mozilla Fuzzing Team
Impact: high

Description

Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

References

Memory safety bugs fixed in Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150

#CVE-2026-6786: Memory safety bugs fixed in Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150

Reporter: Alex Franchuk, Andrew McCreight, Brian Grinstead, Christian Holler, Jan de Mooij, Maurice Dauer, Sebastian Hengst, Tom Schuster and the Mozilla Fuzzing Team
Impact: high

Description

Memory safety bugs present in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

References

Memory safety bugs fixed in Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150

Firefox browsers

Mozilla VPN

Mozilla Monitor

Firefox Relay

MDN Plus

Thunderbird

Solo

0DIN

Tabstack

About Mozilla

The Mozilla Manifesto

Get Involved

Blog