PT-2026-30822 · Mozilla+1 · Thunderbird Esr+4

Brian Grinstead

+2

·

Published

2026-04-07

·

Updated

2026-04-25

·

CVE-2026-5731

CVSS v2.0

10

Critical

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 149.0.2 Firefox ESR versions prior to 115.34.1 and 140.9.1 Thunderbird versions prior to 149.0.2 and 140.9.1
Description Memory safety bugs are present in Firefox and Thunderbird, with some showing evidence of memory corruption. These bugs could potentially be exploited to run arbitrary code.
Recommendations Update Firefox to version 149.0.2 or later. Update Firefox ESR to version 115.34.1 or 140.9.1 or later. Update Thunderbird to version 149.0.2 or later. Update Thunderbird ESR to version 140.9.1 or later.

Fix

DoS

Buffer Overflow

Weakness Enumeration

CWE-119

Related Identifiers

ALSA-2026:7671
ALSA-2026:7672
ALSA-2026:8052
ALSA-2026:8459
ALSA-2026:9345
ALSA-2026:9638
BDU:2026-04920
CVE-2026-5731
OESA-2026-1874
OESA-2026-1875
OESA-2026-1876
OESA-2026-1877
OESA-2026-1878
OESA-2026-2109
OPENSUSE-SU-2026:10501-1
OPENSUSE-SU-2026:10503-1
OPENSUSE-SU-2026:10511-1
OPENSUSE-SU-2026:20486-1
RHSA-2026:11805
RHSA-2026:11813
RHSA-2026:12264
RHSA-2026:13342
RHSA-2026:13412
RHSA-2026:13533
RHSA-2026:13582
RHSA-2026:13583
RHSA-2026:13596
RHSA-2026:13600
RHSA-2026:13665
RHSA-2026:13682
RHSA-2026:13683
RHSA-2026:13922
RHSA-2026:13977
RHSA-2026:14223
RHSA-2026:14303
RHSA-2026:15889
RHSA-2026:7671
RHSA-2026:7672
RHSA-2026:8052
RHSA-2026:8459
RHSA-2026:9345
RHSA-2026:9638
SUSE-SU-2026:1273-1
SUSE-SU-2026:1322-1
SUSE-SU-2026:1379-1
SUSE-SU-2026:21157-1

Affected Products

Firefox
Firefox Esr
Rocky Linux
Thunderbird
Thunderbird Esr