Description
Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, execute arbitrary code.
Below is a complete list of vulnerabilities:
- Denial of service vulnerability in the Audio/Video: Web Codecs component can be exploited remotely to cause denial of service.
- Denial of service vulnerability in the JavaScript Engine: JIT component can be exploited remotely to cause denial of service.
- A remote code execution vulnerability in the DOM: Bindings (WebIDL) component can be exploited remotely to execute arbitrary code.
- Denial of service vulnerability in the JavaScript Engine component can be exploited remotely to cause denial of service.
- Security vulnerability in the Profile Backup component can be exploited to bypass security restrictions.
- A remote code execution vulnerability in the Disability Access APIs component can be exploited remotely to execute arbitrary code.
- A remote code execution vulnerability in Thunderbird 140 can be exploited remotely to execute arbitrary code.
Original advisories
Exploitation
Related products
CVE list
- CVE-2026-8388 high
- CVE-2026-8391 high
- CVE-2026-8401 critical
- CVE-2026-8946 critical
- CVE-2026-8947 high
- CVE-2026-8953 critical
- CVE-2026-8975 critical
Read more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com
Found an inaccuracy in the description of this vulnerability? Let us know!