CVE-2026-5734

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 149.0.2 Firefox ESR versions prior to 140.9.1 Thunderbird versions prior to 149.0.2 Thunderbird ESR versions prior to 140.9.1

Description Memory safety bugs are present in Firefox and Thunderbird, potentially leading to memory corruption and arbitrary code execution. These bugs were identified in versions ESR 140.9.0, 140.9.0, 149.0.1, and 149.0.1.

Recommendations Update Firefox to version 149.0.2 or later. Update Firefox ESR to version 140.9.1 or later. Update Thunderbird to version 149.0.2 or later. Update Thunderbird ESR to version 140.9.1 or later.

Fix

DoS

Memory Corruption

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-120

Related Identifiers

ALSA-2026:7671

ALSA-2026:7672

ALSA-2026:8052

ALSA-2026:8459

ALSA-2026:9345

ALSA-2026:9638

BDU:2026-04919

CVE-2026-5734

OESA-2026-1874

OESA-2026-1875

OESA-2026-1876

OESA-2026-1877

OESA-2026-1878

OESA-2026-2109

OPENSUSE-SU-2026:10501-1

OPENSUSE-SU-2026:10503-1

OPENSUSE-SU-2026:10511-1

OPENSUSE-SU-2026:20486-1

RHSA-2026:11805

RHSA-2026:11813

RHSA-2026:12264

RHSA-2026:13342

RHSA-2026:13412

RHSA-2026:13533

RHSA-2026:13582

RHSA-2026:13583

RHSA-2026:13596

RHSA-2026:13600

RHSA-2026:13665

RHSA-2026:13682

RHSA-2026:13683

RHSA-2026:13922

RHSA-2026:13977

RHSA-2026:14223

RHSA-2026:14303

RHSA-2026:15889

RHSA-2026:7671

RHSA-2026:7672

RHSA-2026:8052

RHSA-2026:8459

RHSA-2026:9345

RHSA-2026:9638

SUSE-SU-2026:1273-1

SUSE-SU-2026:1322-1

SUSE-SU-2026:1379-1

SUSE-SU-2026:21157-1

Affected Products

Firefox

Firefox Esr

Rocky Linux

Thunderbird

Thunderbird Esr

CVE-2026-5734

Weakness Enumeration

Related Identifiers

Affected Products

References · 120