English
EN
Français
FR
Language
English
EN
Français
FR

CVE Vulnerabilities

Posts & Pages

No results found for ""

Try different keywords or check spelling

Search in CVE database, posts & pages • Press ESC to close

DNA View

Critical Severity Vulnerability

This vulnerability has been rated as Critical severity. Immediate action is recommended.

CVE-2026-5731

Critical
Low Medium High Critical
9.8
CVSS Score
Published: Apr 07, 2026
Last Modified: Apr 16, 2026
CWE: CWE-119

Vulnerability Description

Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149.0.2, Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird 149.0.2, and Thunderbird 140.9.1.

CVSS Metrics

Common Vulnerability Scoring System

Vector String:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
N
Attack Complexity
L
Privileges Required
N
User Interaction
N
Scope
U
Confidentiality
H
Integrity
H
Availability
H

Known Affected Software

5 configuration(s) from 1 vendor(s)

firefox
Version:
149.0.1
CPE:
cpe:2.3:a:mozilla:firefox:149.0.1:*:*:*:-:*:*:*
firefox
Version:
140.9.0
CPE:
cpe:2.3:a:mozilla:firefox:140.9.0:*:*:*:esr:*:*:*
firefox
Version:
115.34.0
CPE:
cpe:2.3:a:mozilla:firefox:115.34.0:*:*:*:esr:*:*:*
thunderbird
Version:
149.0.1
CPE:
cpe:2.3:a:mozilla:thunderbird:149.0.1:*:*:*:-:*:*:*
thunderbird
Version:
140.9.0
CPE:
cpe:2.3:a:mozilla:thunderbird:140.9.0:*:*:*:esr:*:*:*
This vulnerability affects 5 software configuration(s). Ensure you patch all affected systems.

Available Security Patches

1 patch available from vendors

View All Patches
SUSE

CVE-2026-5731

CVE-2026-5731

Severity
Unknown
Released
Apr 16, 2026
Security Update
View Details Vendor Page
Browse All Security Patches

References & Resources

Severity Details

9.8
out of 10.0
Critical

Weakness Type (CWE)

CWE-119 Top 25 #17

Improper Restriction of Operations within the Bounds of a Memory Buffer

Description
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to…
Exploit Likelihood
High
Typical Severity
High
Abstraction Level
Class
View CWE Details on MITRE

Key Information

Published Date
April 07, 2026

External Resources

NIST
NIST NVD
National Vulnerability Database
MT
MITRE CVE
Official CVE record