OPENSUSE-SU-2026:10413-1 - Vulnerability-Lookup

OPENSUSE-SU-2026:10413-1

Vulnerability from csaf_opensuse - Published: 2026-03-24 00:00 - Updated: 2026-03-24 00:00

Summary

firefox-esr-140.9.0-1.1 on GA media

Severity

Moderate

Notes

Title of the patch: firefox-esr-140.9.0-1.1 on GA media

Description of the patch: These are all security issues fixed in the firefox-esr-140.9.0-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames: openSUSE-Tumbleweed-2026-10413

Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

CVE-2025-59375

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2026-4684

8.3 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2026-4685

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2026-4686

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2026-4687

8.3 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2026-4688

8.3 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2026-4689

8.3 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2026-4690

8.3 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2026-4691

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2026-4692

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2026-4693

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2026-4694

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2026-4695

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2026-4696

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2026-4697

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2026-4698

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2026-4699

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2026-4700

5.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2026-4701

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2026-4702

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2026-4704

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2026-4705

6.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2026-4706

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2026-4707

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2026-4708

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2026-4709

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2026-4710

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2026-4711

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2026-4712

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2026-4713

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2026-4714

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2026-4715

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2026-4716

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2026-4717

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2026-4718

5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2026-4719

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2026-4720

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2026-4721

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

References

URL

Category

	https://www.suse.com/support/security/rating/	external
	https://ftp.suse.com/pub/projects/security/csaf/o…	self
	https://www.suse.com/security/cve/CVE-2025-59375/	self
	https://www.suse.com/security/cve/CVE-2026-4684/	self
	https://www.suse.com/security/cve/CVE-2026-4685/	self
	https://www.suse.com/security/cve/CVE-2026-4686/	self
	https://www.suse.com/security/cve/CVE-2026-4687/	self
	https://www.suse.com/security/cve/CVE-2026-4688/	self
	https://www.suse.com/security/cve/CVE-2026-4689/	self
	https://www.suse.com/security/cve/CVE-2026-4690/	self
	https://www.suse.com/security/cve/CVE-2026-4691/	self
	https://www.suse.com/security/cve/CVE-2026-4692/	self
	https://www.suse.com/security/cve/CVE-2026-4693/	self
	https://www.suse.com/security/cve/CVE-2026-4694/	self
	https://www.suse.com/security/cve/CVE-2026-4695/	self
	https://www.suse.com/security/cve/CVE-2026-4696/	self
	https://www.suse.com/security/cve/CVE-2026-4697/	self
	https://www.suse.com/security/cve/CVE-2026-4698/	self
	https://www.suse.com/security/cve/CVE-2026-4699/	self
	https://www.suse.com/security/cve/CVE-2026-4700/	self
	https://www.suse.com/security/cve/CVE-2026-4701/	self
	https://www.suse.com/security/cve/CVE-2026-4702/	self
	https://www.suse.com/security/cve/CVE-2026-4704/	self
	https://www.suse.com/security/cve/CVE-2026-4705/	self
	https://www.suse.com/security/cve/CVE-2026-4706/	self
	https://www.suse.com/security/cve/CVE-2026-4707/	self
	https://www.suse.com/security/cve/CVE-2026-4708/	self
	https://www.suse.com/security/cve/CVE-2026-4709/	self
	https://www.suse.com/security/cve/CVE-2026-4710/	self
	https://www.suse.com/security/cve/CVE-2026-4711/	self
	https://www.suse.com/security/cve/CVE-2026-4712/	self
	https://www.suse.com/security/cve/CVE-2026-4713/	self
	https://www.suse.com/security/cve/CVE-2026-4714/	self
	https://www.suse.com/security/cve/CVE-2026-4715/	self
	https://www.suse.com/security/cve/CVE-2026-4716/	self
	https://www.suse.com/security/cve/CVE-2026-4717/	self
	https://www.suse.com/security/cve/CVE-2026-4718/	self
	https://www.suse.com/security/cve/CVE-2026-4719/	self
	https://www.suse.com/security/cve/CVE-2026-4720/	self
	https://www.suse.com/security/cve/CVE-2026-4721/	self
	https://www.suse.com/security/cve/CVE-2025-59375	external
	https://bugzilla.suse.com/1249584	external
	https://www.suse.com/security/cve/CVE-2026-4684	external
	https://bugzilla.suse.com/1260083	external
	https://www.suse.com/security/cve/CVE-2026-4685	external
	https://bugzilla.suse.com/1260083	external
	https://www.suse.com/security/cve/CVE-2026-4686	external
	https://bugzilla.suse.com/1260083	external
	https://www.suse.com/security/cve/CVE-2026-4687	external
	https://bugzilla.suse.com/1260083	external
	https://www.suse.com/security/cve/CVE-2026-4688	external
	https://bugzilla.suse.com/1260083	external
	https://www.suse.com/security/cve/CVE-2026-4689	external
	https://bugzilla.suse.com/1260083	external
	https://www.suse.com/security/cve/CVE-2026-4690	external
	https://bugzilla.suse.com/1260083	external
	https://www.suse.com/security/cve/CVE-2026-4691	external
	https://bugzilla.suse.com/1260083	external
	https://www.suse.com/security/cve/CVE-2026-4692	external
	https://bugzilla.suse.com/1260083	external
	https://www.suse.com/security/cve/CVE-2026-4693	external
	https://bugzilla.suse.com/1260083	external
	https://www.suse.com/security/cve/CVE-2026-4694	external
	https://bugzilla.suse.com/1260083	external
	https://www.suse.com/security/cve/CVE-2026-4695	external
	https://bugzilla.suse.com/1260083	external
	https://www.suse.com/security/cve/CVE-2026-4696	external
	https://bugzilla.suse.com/1260083	external
	https://www.suse.com/security/cve/CVE-2026-4697	external
	https://bugzilla.suse.com/1260083	external
	https://www.suse.com/security/cve/CVE-2026-4698	external
	https://bugzilla.suse.com/1260083	external
	https://www.suse.com/security/cve/CVE-2026-4699	external
	https://bugzilla.suse.com/1260083	external
	https://www.suse.com/security/cve/CVE-2026-4700	external
	https://bugzilla.suse.com/1260083	external
	https://www.suse.com/security/cve/CVE-2026-4701	external
	https://bugzilla.suse.com/1260083	external
	https://www.suse.com/security/cve/CVE-2026-4702	external
	https://bugzilla.suse.com/1260083	external
	https://www.suse.com/security/cve/CVE-2026-4704	external
	https://bugzilla.suse.com/1260083	external
	https://www.suse.com/security/cve/CVE-2026-4705	external
	https://bugzilla.suse.com/1260083	external
	https://www.suse.com/security/cve/CVE-2026-4706	external
	https://bugzilla.suse.com/1260083	external
	https://www.suse.com/security/cve/CVE-2026-4707	external
	https://bugzilla.suse.com/1260083	external
	https://www.suse.com/security/cve/CVE-2026-4708	external
	https://bugzilla.suse.com/1260083	external
	https://www.suse.com/security/cve/CVE-2026-4709	external
	https://bugzilla.suse.com/1260083	external
	https://www.suse.com/security/cve/CVE-2026-4710	external
	https://bugzilla.suse.com/1260083	external
	https://www.suse.com/security/cve/CVE-2026-4711	external
	https://bugzilla.suse.com/1260083	external
	https://www.suse.com/security/cve/CVE-2026-4712	external
	https://bugzilla.suse.com/1260083	external
	https://www.suse.com/security/cve/CVE-2026-4713	external
	https://bugzilla.suse.com/1260083	external
	https://www.suse.com/security/cve/CVE-2026-4714	external
	https://bugzilla.suse.com/1260083	external
	https://www.suse.com/security/cve/CVE-2026-4715	external
	https://bugzilla.suse.com/1260083	external
	https://www.suse.com/security/cve/CVE-2026-4716	external
	https://bugzilla.suse.com/1260083	external
	https://www.suse.com/security/cve/CVE-2026-4717	external
	https://bugzilla.suse.com/1260083	external
	https://www.suse.com/security/cve/CVE-2026-4718	external
	https://bugzilla.suse.com/1260083	external
	https://www.suse.com/security/cve/CVE-2026-4719	external
	https://bugzilla.suse.com/1260083	external
	https://www.suse.com/security/cve/CVE-2026-4720	external
	https://bugzilla.suse.com/1260083	external
	https://www.suse.com/security/cve/CVE-2026-4721	external
	https://bugzilla.suse.com/1260083	external

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "firefox-esr-140.9.0-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the firefox-esr-140.9.0-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2026-10413",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10413-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-59375 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-59375/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4684 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4684/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4685 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4685/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4686 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4686/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4687 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4687/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4688 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4688/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4689 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4689/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4690 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4690/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4691 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4691/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4692 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4692/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4693 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4693/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4694 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4694/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4695 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4695/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4696 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4696/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4697 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4697/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4698 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4698/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4699 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4699/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4700 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4700/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4701 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4701/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4702 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4702/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4704 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4704/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4705 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4705/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4706 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4706/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4707 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4707/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4708 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4708/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4709 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4709/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4710 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4710/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4711 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4711/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4712 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4712/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4713 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4713/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4714 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4714/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4715 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4715/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4716 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4716/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4717 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4717/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4718 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4718/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4719 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4719/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4720 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4720/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-4721 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-4721/"
      }
    ],
    "title": "firefox-esr-140.9.0-1.1 on GA media",
    "tracking": {
      "current_release_date": "2026-03-24T00:00:00Z",
      "generator": {
        "date": "2026-03-24T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2026:10413-1",
      "initial_release_date": "2026-03-24T00:00:00Z",
      "revision_history": [
        {
          "date": "2026-03-24T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "firefox-esr-140.9.0-1.1.aarch64",
                "product": {
                  "name": "firefox-esr-140.9.0-1.1.aarch64",
                  "product_id": "firefox-esr-140.9.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
                "product": {
                  "name": "firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
                  "product_id": "firefox-esr-branding-upstream-140.9.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "firefox-esr-translations-common-140.9.0-1.1.aarch64",
                "product": {
                  "name": "firefox-esr-translations-common-140.9.0-1.1.aarch64",
                  "product_id": "firefox-esr-translations-common-140.9.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "firefox-esr-translations-other-140.9.0-1.1.aarch64",
                "product": {
                  "name": "firefox-esr-translations-other-140.9.0-1.1.aarch64",
                  "product_id": "firefox-esr-translations-other-140.9.0-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "firefox-esr-140.9.0-1.1.ppc64le",
                "product": {
                  "name": "firefox-esr-140.9.0-1.1.ppc64le",
                  "product_id": "firefox-esr-140.9.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
                "product": {
                  "name": "firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
                  "product_id": "firefox-esr-branding-upstream-140.9.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "firefox-esr-translations-common-140.9.0-1.1.ppc64le",
                "product": {
                  "name": "firefox-esr-translations-common-140.9.0-1.1.ppc64le",
                  "product_id": "firefox-esr-translations-common-140.9.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "firefox-esr-translations-other-140.9.0-1.1.ppc64le",
                "product": {
                  "name": "firefox-esr-translations-other-140.9.0-1.1.ppc64le",
                  "product_id": "firefox-esr-translations-other-140.9.0-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "firefox-esr-140.9.0-1.1.s390x",
                "product": {
                  "name": "firefox-esr-140.9.0-1.1.s390x",
                  "product_id": "firefox-esr-140.9.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "firefox-esr-branding-upstream-140.9.0-1.1.s390x",
                "product": {
                  "name": "firefox-esr-branding-upstream-140.9.0-1.1.s390x",
                  "product_id": "firefox-esr-branding-upstream-140.9.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "firefox-esr-translations-common-140.9.0-1.1.s390x",
                "product": {
                  "name": "firefox-esr-translations-common-140.9.0-1.1.s390x",
                  "product_id": "firefox-esr-translations-common-140.9.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "firefox-esr-translations-other-140.9.0-1.1.s390x",
                "product": {
                  "name": "firefox-esr-translations-other-140.9.0-1.1.s390x",
                  "product_id": "firefox-esr-translations-other-140.9.0-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "firefox-esr-140.9.0-1.1.x86_64",
                "product": {
                  "name": "firefox-esr-140.9.0-1.1.x86_64",
                  "product_id": "firefox-esr-140.9.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
                "product": {
                  "name": "firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
                  "product_id": "firefox-esr-branding-upstream-140.9.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "firefox-esr-translations-common-140.9.0-1.1.x86_64",
                "product": {
                  "name": "firefox-esr-translations-common-140.9.0-1.1.x86_64",
                  "product_id": "firefox-esr-translations-common-140.9.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "firefox-esr-translations-other-140.9.0-1.1.x86_64",
                "product": {
                  "name": "firefox-esr-translations-other-140.9.0-1.1.x86_64",
                  "product_id": "firefox-esr-translations-other-140.9.0-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-esr-140.9.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64"
        },
        "product_reference": "firefox-esr-140.9.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-esr-140.9.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le"
        },
        "product_reference": "firefox-esr-140.9.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-esr-140.9.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x"
        },
        "product_reference": "firefox-esr-140.9.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-esr-140.9.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64"
        },
        "product_reference": "firefox-esr-140.9.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-esr-branding-upstream-140.9.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64"
        },
        "product_reference": "firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-esr-branding-upstream-140.9.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le"
        },
        "product_reference": "firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-esr-branding-upstream-140.9.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x"
        },
        "product_reference": "firefox-esr-branding-upstream-140.9.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-esr-branding-upstream-140.9.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64"
        },
        "product_reference": "firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-esr-translations-common-140.9.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64"
        },
        "product_reference": "firefox-esr-translations-common-140.9.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-esr-translations-common-140.9.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le"
        },
        "product_reference": "firefox-esr-translations-common-140.9.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-esr-translations-common-140.9.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x"
        },
        "product_reference": "firefox-esr-translations-common-140.9.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-esr-translations-common-140.9.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64"
        },
        "product_reference": "firefox-esr-translations-common-140.9.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-esr-translations-other-140.9.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64"
        },
        "product_reference": "firefox-esr-translations-other-140.9.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-esr-translations-other-140.9.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le"
        },
        "product_reference": "firefox-esr-translations-other-140.9.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-esr-translations-other-140.9.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x"
        },
        "product_reference": "firefox-esr-translations-other-140.9.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "firefox-esr-translations-other-140.9.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        },
        "product_reference": "firefox-esr-translations-other-140.9.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-59375",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-59375"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-59375",
          "url": "https://www.suse.com/security/cve/CVE-2025-59375"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1249584 for CVE-2025-59375",
          "url": "https://bugzilla.suse.com/1249584"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-59375"
    },
    {
      "cve": "CVE-2026-4684",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4684"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Race condition, use-after-free in the Graphics: WebRender component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4684",
          "url": "https://www.suse.com/security/cve/CVE-2026-4684"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4684",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4684"
    },
    {
      "cve": "CVE-2026-4685",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4685"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4685",
          "url": "https://www.suse.com/security/cve/CVE-2026-4685"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4685",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4685"
    },
    {
      "cve": "CVE-2026-4686",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4686"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4686",
          "url": "https://www.suse.com/security/cve/CVE-2026-4686"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4686",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4686"
    },
    {
      "cve": "CVE-2026-4687",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4687"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4687",
          "url": "https://www.suse.com/security/cve/CVE-2026-4687"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4687",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4687"
    },
    {
      "cve": "CVE-2026-4688",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4688"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4688",
          "url": "https://www.suse.com/security/cve/CVE-2026-4688"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4688",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4688"
    },
    {
      "cve": "CVE-2026-4689",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4689"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4689",
          "url": "https://www.suse.com/security/cve/CVE-2026-4689"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4689",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4689"
    },
    {
      "cve": "CVE-2026-4690",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4690"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4690",
          "url": "https://www.suse.com/security/cve/CVE-2026-4690"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4690",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4690"
    },
    {
      "cve": "CVE-2026-4691",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4691"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Use-after-free in the CSS Parsing and Computation component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4691",
          "url": "https://www.suse.com/security/cve/CVE-2026-4691"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4691",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4691"
    },
    {
      "cve": "CVE-2026-4692",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4692"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Sandbox escape in the Responsive Design Mode component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4692",
          "url": "https://www.suse.com/security/cve/CVE-2026-4692"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4692",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4692"
    },
    {
      "cve": "CVE-2026-4693",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4693"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4693",
          "url": "https://www.suse.com/security/cve/CVE-2026-4693"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4693",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4693"
    },
    {
      "cve": "CVE-2026-4694",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4694"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions, integer overflow in the Graphics component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4694",
          "url": "https://www.suse.com/security/cve/CVE-2026-4694"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4694",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4694"
    },
    {
      "cve": "CVE-2026-4695",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4695"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4695",
          "url": "https://www.suse.com/security/cve/CVE-2026-4695"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4695",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4695"
    },
    {
      "cve": "CVE-2026-4696",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4696"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Use-after-free in the Layout: Text and Fonts component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4696",
          "url": "https://www.suse.com/security/cve/CVE-2026-4696"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4696",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4696"
    },
    {
      "cve": "CVE-2026-4697",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4697"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4697",
          "url": "https://www.suse.com/security/cve/CVE-2026-4697"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4697",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4697"
    },
    {
      "cve": "CVE-2026-4698",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4698"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4698",
          "url": "https://www.suse.com/security/cve/CVE-2026-4698"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4698",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4698"
    },
    {
      "cve": "CVE-2026-4699",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4699"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions in the Layout: Text and Fonts component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4699",
          "url": "https://www.suse.com/security/cve/CVE-2026-4699"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4699",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4699"
    },
    {
      "cve": "CVE-2026-4700",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4700"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Mitigation bypass in the Networking: HTTP component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4700",
          "url": "https://www.suse.com/security/cve/CVE-2026-4700"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4700",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4700"
    },
    {
      "cve": "CVE-2026-4701",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4701"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4701",
          "url": "https://www.suse.com/security/cve/CVE-2026-4701"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4701",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4701"
    },
    {
      "cve": "CVE-2026-4702",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4702"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "JIT miscompilation in the JavaScript Engine component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4702",
          "url": "https://www.suse.com/security/cve/CVE-2026-4702"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4702",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4702"
    },
    {
      "cve": "CVE-2026-4704",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4704"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Denial-of-service in the WebRTC: Signaling component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4704",
          "url": "https://www.suse.com/security/cve/CVE-2026-4704"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4704",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4704"
    },
    {
      "cve": "CVE-2026-4705",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4705"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4705",
          "url": "https://www.suse.com/security/cve/CVE-2026-4705"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4705",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4705"
    },
    {
      "cve": "CVE-2026-4706",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4706"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4706",
          "url": "https://www.suse.com/security/cve/CVE-2026-4706"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4706",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4706"
    },
    {
      "cve": "CVE-2026-4707",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4707"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4707",
          "url": "https://www.suse.com/security/cve/CVE-2026-4707"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4707",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4707"
    },
    {
      "cve": "CVE-2026-4708",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4708"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4708",
          "url": "https://www.suse.com/security/cve/CVE-2026-4708"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4708",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4708"
    },
    {
      "cve": "CVE-2026-4709",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4709"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4709",
          "url": "https://www.suse.com/security/cve/CVE-2026-4709"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4709",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4709"
    },
    {
      "cve": "CVE-2026-4710",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4710"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4710",
          "url": "https://www.suse.com/security/cve/CVE-2026-4710"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4710",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4710"
    },
    {
      "cve": "CVE-2026-4711",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4711"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Use-after-free in the Widget: Cocoa component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4711",
          "url": "https://www.suse.com/security/cve/CVE-2026-4711"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4711",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4711"
    },
    {
      "cve": "CVE-2026-4712",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4712"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Information disclosure in the Widget: Cocoa component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4712",
          "url": "https://www.suse.com/security/cve/CVE-2026-4712"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4712",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4712"
    },
    {
      "cve": "CVE-2026-4713",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4713"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4713",
          "url": "https://www.suse.com/security/cve/CVE-2026-4713"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4713",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4713"
    },
    {
      "cve": "CVE-2026-4714",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4714"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4714",
          "url": "https://www.suse.com/security/cve/CVE-2026-4714"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4714",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4714"
    },
    {
      "cve": "CVE-2026-4715",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4715"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Uninitialized memory in the Graphics: Canvas2D component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4715",
          "url": "https://www.suse.com/security/cve/CVE-2026-4715"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4715",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4715"
    },
    {
      "cve": "CVE-2026-4716",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4716"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4716",
          "url": "https://www.suse.com/security/cve/CVE-2026-4716"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4716",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4716"
    },
    {
      "cve": "CVE-2026-4717",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4717"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Privilege escalation in the Netmonitor component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4717",
          "url": "https://www.suse.com/security/cve/CVE-2026-4717"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4717",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4717"
    },
    {
      "cve": "CVE-2026-4718",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4718"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4718",
          "url": "https://www.suse.com/security/cve/CVE-2026-4718"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4718",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4718"
    },
    {
      "cve": "CVE-2026-4719",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4719"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Incorrect boundary conditions in the Graphics: Text component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4719",
          "url": "https://www.suse.com/security/cve/CVE-2026-4719"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4719",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4719"
    },
    {
      "cve": "CVE-2026-4720",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4720"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4720",
          "url": "https://www.suse.com/security/cve/CVE-2026-4720"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4720",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4720"
    },
    {
      "cve": "CVE-2026-4721",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-4721"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
          "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-4721",
          "url": "https://www.suse.com/security/cve/CVE-2026-4721"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260083 for CVE-2026-4721",
          "url": "https://bugzilla.suse.com/1260083"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-branding-upstream-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-common-140.9.0-1.1.x86_64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.aarch64",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.ppc64le",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.s390x",
            "openSUSE Tumbleweed:firefox-esr-translations-other-140.9.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-03-24T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-4721"
    }
  ]
}

CVE-2026-4710 (GCVE-0-2026-4710)

Vulnerability from cvelistv5 – Published: 2026-03-24 12:30 – Updated: 2026-03-26 18:54

Title

Incorrect boundary conditions in the Audio/Video component

Summary

Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=2016370
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Affected: unspecified , < 149 (custom)

	Mozilla	Firefox ESR	Affected: unspecified , < 140.9 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 149 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 140.9 (custom)

Credits

Sajeeb Lohani

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-4710",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-26T18:52:46.444267Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-119",
                "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-26T18:54:06.751Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Sajeeb Lohani"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
            }
          ],
          "value": "Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-24T20:27:42.269Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016370"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"
        }
      ],
      "title": "Incorrect boundary conditions in the Audio/Video component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-4710",
    "datePublished": "2026-03-24T12:30:35.852Z",
    "dateReserved": "2026-03-23T23:22:21.623Z",
    "dateUpdated": "2026-03-26T18:54:06.751Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4705 (GCVE-0-2026-4705)

Vulnerability from cvelistv5 – Published: 2026-03-24 12:30 – Updated: 2026-03-25 19:49

Title

Undefined behavior in the WebRTC: Signaling component

Summary

Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-758 - Reliance on Undefined, Unspecified, or Implementation-Defined Behavior

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=2014873
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Affected: unspecified , < 149 (custom)

	Mozilla	Firefox ESR	Affected: unspecified , < 140.9 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 149 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 140.9 (custom)

Credits

Evyatar Ben Asher, Keane Lucas, Nicholas Carlini, Newton Cheng, Daniel Freeman, Alex Gaynor, and Joel Weinberger using Claude from Anthropic

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-4705",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-25T19:38:48.900474Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-758",
                "description": "CWE-758 Reliance on Undefined, Unspecified, or Implementation-Defined Behavior",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-25T19:49:54.957Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Evyatar Ben Asher, Keane Lucas, Nicholas Carlini, Newton Cheng, Daniel Freeman, Alex Gaynor, and Joel Weinberger using Claude from Anthropic"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
            }
          ],
          "value": "Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-24T20:27:36.988Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014873"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"
        }
      ],
      "title": "Undefined behavior in the WebRTC: Signaling component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-4705",
    "datePublished": "2026-03-24T12:30:32.731Z",
    "dateReserved": "2026-03-23T23:22:11.844Z",
    "dateUpdated": "2026-03-25T19:49:54.957Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4695 (GCVE-0-2026-4695)

Vulnerability from cvelistv5 – Published: 2026-03-24 12:30 – Updated: 2026-03-26 12:55

Title

Incorrect boundary conditions in the Audio/Video: Web Codecs component

Summary

Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-754 - Improper Check for Unusual or Exceptional Conditions

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=2020030
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Affected: unspecified , < 149 (custom)

	Mozilla	Firefox ESR	Affected: unspecified , < 140.9 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 149 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 140.9 (custom)

Credits

Atte Kettunen

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-4695",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-26T12:53:58.674425Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-754",
                "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-26T12:55:56.648Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Atte Kettunen"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
            }
          ],
          "value": "Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-24T20:27:25.731Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2020030"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"
        }
      ],
      "title": "Incorrect boundary conditions in the Audio/Video: Web Codecs component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-4695",
    "datePublished": "2026-03-24T12:30:26.409Z",
    "dateReserved": "2026-03-23T23:21:52.856Z",
    "dateUpdated": "2026-03-26T12:55:56.648Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4715 (GCVE-0-2026-4715)

Vulnerability from cvelistv5 – Published: 2026-03-24 12:30 – Updated: 2026-03-25 19:49

Title

Uninitialized memory in the Graphics: Canvas2D component

Summary

Uninitialized memory in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

Severity ?

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CWE

CWE-908 - Use of Uninitialized Resource

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=2018405
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Affected: unspecified , < 149 (custom)

	Mozilla	Firefox ESR	Affected: unspecified , < 140.9 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 149 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 140.9 (custom)

Credits

Jun Yang

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.1,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-4715",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-25T19:34:24.461807Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-908",
                "description": "CWE-908 Use of Uninitialized Resource",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-25T19:49:39.101Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Jun Yang"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Uninitialized memory in the Graphics: Canvas2D component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
            }
          ],
          "value": "Uninitialized memory in the Graphics: Canvas2D component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-24T20:27:47.567Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2018405"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"
        }
      ],
      "title": "Uninitialized memory in the Graphics: Canvas2D component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-4715",
    "datePublished": "2026-03-24T12:30:38.831Z",
    "dateReserved": "2026-03-23T23:22:31.885Z",
    "dateUpdated": "2026-03-25T19:49:39.101Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4693 (GCVE-0-2026-4693)

Vulnerability from cvelistv5 – Published: 2026-03-24 12:30 – Updated: 2026-03-26 12:51

Title

Incorrect boundary conditions in the Audio/Video: Playback component

Summary

Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-754 - Improper Check for Unusual or Exceptional Conditions

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=2018102
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Affected: unspecified , < 149 (custom)

	Mozilla	Firefox ESR	Affected: unspecified , < 115.34 (custom)
	Mozilla	Firefox ESR	Affected: unspecified , < 140.9 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 149 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 140.9 (custom)

Credits

Sajeeb Lohani

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-4693",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-26T12:50:23.383438Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-754",
                "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-26T12:51:09.049Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "115.34",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Sajeeb Lohani"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
            }
          ],
          "value": "Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-24T20:27:24.031Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2018102"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-21/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"
        }
      ],
      "title": "Incorrect boundary conditions in the Audio/Video: Playback component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-4693",
    "datePublished": "2026-03-24T12:30:25.391Z",
    "dateReserved": "2026-03-23T23:21:48.963Z",
    "dateUpdated": "2026-03-26T12:51:09.049Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4694 (GCVE-0-2026-4694)

Vulnerability from cvelistv5 – Published: 2026-03-24 12:30 – Updated: 2026-03-26 12:53

Title

Incorrect boundary conditions, integer overflow in the Graphics component

Summary

Incorrect boundary conditions, integer overflow in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-754 - Improper Check for Unusual or Exceptional Conditions

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=2018430
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Affected: unspecified , < 149 (custom)

	Mozilla	Firefox ESR	Affected: unspecified , < 115.34 (custom)
	Mozilla	Firefox ESR	Affected: unspecified , < 140.9 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 149 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 140.9 (custom)

Credits

Sajeeb Lohani

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-4694",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-26T12:52:39.470166Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-754",
                "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-26T12:53:24.893Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "115.34",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Sajeeb Lohani"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Incorrect boundary conditions, integer overflow in the Graphics component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
            }
          ],
          "value": "Incorrect boundary conditions, integer overflow in the Graphics component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-24T20:27:24.853Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2018430"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-21/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"
        }
      ],
      "title": "Incorrect boundary conditions, integer overflow in the Graphics component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-4694",
    "datePublished": "2026-03-24T12:30:25.919Z",
    "dateReserved": "2026-03-23T23:21:50.706Z",
    "dateUpdated": "2026-03-26T12:53:24.893Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4709 (GCVE-0-2026-4709)

Vulnerability from cvelistv5 – Published: 2026-03-24 12:30 – Updated: 2026-03-25 20:44

Title

Incorrect boundary conditions in the Audio/Video: GMP component

Summary

Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-754 - Improper Check for Unusual or Exceptional Conditions

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=2016329
	https://bugzilla.mozilla.org/show_bug.cgi?id=2016342
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Affected: unspecified , < 149 (custom)

	Mozilla	Firefox ESR	Affected: unspecified , < 115.34 (custom)
	Mozilla	Firefox ESR	Affected: unspecified , < 140.9 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 149 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 140.9 (custom)

Credits

Sajeeb Lohani

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-4709",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-25T16:27:39.259980Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-754",
                "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-25T16:27:43.368Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "115.34",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Sajeeb Lohani"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
            }
          ],
          "value": "Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-25T20:44:46.357Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016329"
        },
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016342"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-21/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"
        }
      ],
      "title": "Incorrect boundary conditions in the Audio/Video: GMP component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-4709",
    "datePublished": "2026-03-24T12:30:35.375Z",
    "dateReserved": "2026-03-23T23:22:19.524Z",
    "dateUpdated": "2026-03-25T20:44:46.357Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4714 (GCVE-0-2026-4714)

Vulnerability from cvelistv5 – Published: 2026-03-24 12:30 – Updated: 2026-03-25 16:10

Title

Incorrect boundary conditions in the Audio/Video component

Summary

Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-754 - Improper Check for Unusual or Exceptional Conditions

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=2018126
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Affected: unspecified , < 149 (custom)

	Mozilla	Firefox ESR	Affected: unspecified , < 140.9 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 149 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 140.9 (custom)

Credits

Sajeeb Lohani

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-4714",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-25T16:10:07.067081Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-754",
                "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-25T16:10:36.488Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Sajeeb Lohani"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
            }
          ],
          "value": "Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-24T20:27:46.785Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2018126"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"
        }
      ],
      "title": "Incorrect boundary conditions in the Audio/Video component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-4714",
    "datePublished": "2026-03-24T12:30:38.311Z",
    "dateReserved": "2026-03-23T23:22:29.882Z",
    "dateUpdated": "2026-03-25T16:10:36.488Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4685 (GCVE-0-2026-4685)

Vulnerability from cvelistv5 – Published: 2026-03-24 12:30 – Updated: 2026-03-26 12:47

Title

Incorrect boundary conditions in the Graphics: Canvas2D component

Summary

Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-754 - Improper Check for Unusual or Exceptional Conditions

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=2016349
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Affected: unspecified , < 149 (custom)

	Mozilla	Firefox ESR	Affected: unspecified , < 115.34 (custom)
	Mozilla	Firefox ESR	Affected: unspecified , < 140.9 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 149 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 140.9 (custom)

Credits

Sajeeb Lohani

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-4685",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-26T12:43:23.356262Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-754",
                "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-26T12:47:50.705Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "115.34",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Sajeeb Lohani"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
            }
          ],
          "value": "Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-24T20:27:16.924Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016349"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-21/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"
        }
      ],
      "title": "Incorrect boundary conditions in the Graphics: Canvas2D component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-4685",
    "datePublished": "2026-03-24T12:30:21.064Z",
    "dateReserved": "2026-03-23T23:21:31.793Z",
    "dateUpdated": "2026-03-26T12:47:50.705Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4692 (GCVE-0-2026-4692)

Vulnerability from cvelistv5 – Published: 2026-03-24 12:30 – Updated: 2026-03-25 14:07

Title

Sandbox escape in the Responsive Design Mode component

Summary

Sandbox escape in the Responsive Design Mode component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

Severity ?

9.6 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CWE

CWE-noinfo Not enough information

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=2017643
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Affected: unspecified , < 149 (custom)

	Mozilla	Firefox ESR	Affected: unspecified , < 115.34 (custom)
	Mozilla	Firefox ESR	Affected: unspecified , < 140.9 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 149 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 140.9 (custom)

Credits

Tom Ritter

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.6,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-4692",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-25T03:55:56.912626Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-25T14:07:21.962Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "115.34",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Tom Ritter"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Sandbox escape in the Responsive Design Mode component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
            }
          ],
          "value": "Sandbox escape in the Responsive Design Mode component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-24T20:27:23.041Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2017643"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-21/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"
        }
      ],
      "title": "Sandbox escape in the Responsive Design Mode component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-4692",
    "datePublished": "2026-03-24T12:30:24.864Z",
    "dateReserved": "2026-03-23T23:21:46.185Z",
    "dateUpdated": "2026-03-25T14:07:21.962Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4712 (GCVE-0-2026-4712)

Vulnerability from cvelistv5 – Published: 2026-03-24 12:30 – Updated: 2026-03-25 18:08

Title

Information disclosure in the Widget: Cocoa component

Summary

Information disclosure in the Widget: Cocoa component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=2017666
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Affected: unspecified , < 149 (custom)

	Mozilla	Firefox ESR	Affected: unspecified , < 140.9 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 149 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 140.9 (custom)

Credits

Josh Aas

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-4712",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-25T17:49:31.267492Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-200",
                "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-25T18:08:03.408Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Josh Aas"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Information disclosure in the Widget: Cocoa component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
            }
          ],
          "value": "Information disclosure in the Widget: Cocoa component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-24T20:27:44.875Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2017666"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"
        }
      ],
      "title": "Information disclosure in the Widget: Cocoa component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-4712",
    "datePublished": "2026-03-24T12:30:37.333Z",
    "dateReserved": "2026-03-23T23:22:25.868Z",
    "dateUpdated": "2026-03-25T18:08:03.408Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-59375 (GCVE-0-2025-59375)

Vulnerability from cvelistv5 – Published: 2025-09-15 00:00 – Updated: 2025-11-04 21:13

Summary

libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:T/RC:C

CWE

CWE-770 - Allocation of Resources Without Limits or Throttling

Assigner

mitre

References

URL

Tags

	https://github.com/libexpat/libexpat/issues/1018
	https://github.com/libexpat/libexpat/pull/1034
	https://github.com/libexpat/libexpat/blob/676a4c5…
	https://issues.oss-fuzz.com/issues/439133977
	https://github.com/libexpat/libexpat/blob/R_2_7_2…

Impacted products

	Vendor	Product	Version
	libexpat project	libexpat	Affected: 0 , < 2.7.2 (semver)

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59375",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-15T20:22:58.509715Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-15T20:23:08.737Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T21:13:49.823Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/09/16/2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "libexpat",
          "vendor": "libexpat project",
          "versions": [
            {
              "lessThan": "2.7.2",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "2.7.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:T/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-17T13:21:47.961Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/libexpat/libexpat/issues/1018"
        },
        {
          "url": "https://github.com/libexpat/libexpat/pull/1034"
        },
        {
          "url": "https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74"
        },
        {
          "url": "https://issues.oss-fuzz.com/issues/439133977"
        },
        {
          "url": "https://github.com/libexpat/libexpat/blob/R_2_7_2/expat/Changes"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-59375",
    "datePublished": "2025-09-15T00:00:00.000Z",
    "dateReserved": "2025-09-15T00:00:00.000Z",
    "dateUpdated": "2025-11-04T21:13:49.823Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4720 (GCVE-0-2026-4720)

Vulnerability from cvelistv5 – Published: 2026-03-24 12:30 – Updated: 2026-03-25 13:10

Title

Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149

Summary

Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/buglist.cgi?bug_id=2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Affected: unspecified , < 149 (custom)

	Mozilla	Firefox ESR	Affected: unspecified , < 140.9 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 149 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 140.9 (custom)

Credits

Christian Holler, Gabriele Svelto, Tom Schuster and the Mozilla Fuzzing Team

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-4720",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-25T03:56:10.337285Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-120",
                "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-25T13:10:13.381Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Christian Holler, Gabriele Svelto, Tom Schuster and the Mozilla Fuzzing Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
            }
          ],
          "value": "Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-24T20:27:54.765Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "name": "Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149",
          "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=2004652%2C2019372%2C2021922%2C2022567%2C2022733"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"
        }
      ],
      "title": "Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-4720",
    "datePublished": "2026-03-24T12:30:43.271Z",
    "dateReserved": "2026-03-23T23:22:41.974Z",
    "dateUpdated": "2026-03-25T13:10:13.381Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4704 (GCVE-0-2026-4704)

Vulnerability from cvelistv5 – Published: 2026-03-24 12:30 – Updated: 2026-03-25 18:08

Title

Denial-of-service in the WebRTC: Signaling component

Summary

Denial-of-service in the WebRTC: Signaling component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=2014868
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Affected: unspecified , < 149 (custom)

	Mozilla	Firefox ESR	Affected: unspecified , < 140.9 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 149 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 140.9 (custom)

Credits

Evyatar Ben Asher, Keane Lucas, Nicholas Carlini, Newton Cheng, Daniel Freeman, Alex Gaynor, and Joel Weinberger using Claude from Anthropic

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-4704",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-25T17:50:26.794152Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-400",
                "description": "CWE-400 Uncontrolled Resource Consumption",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-25T18:08:08.247Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Evyatar Ben Asher, Keane Lucas, Nicholas Carlini, Newton Cheng, Daniel Freeman, Alex Gaynor, and Joel Weinberger using Claude from Anthropic"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Denial-of-service in the WebRTC: Signaling component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
            }
          ],
          "value": "Denial-of-service in the WebRTC: Signaling component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-24T20:27:36.120Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014868"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"
        }
      ],
      "title": "Denial-of-service in the WebRTC: Signaling component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-4704",
    "datePublished": "2026-03-24T12:30:32.214Z",
    "dateReserved": "2026-03-23T23:22:09.666Z",
    "dateUpdated": "2026-03-25T18:08:08.247Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4699 (GCVE-0-2026-4699)

Vulnerability from cvelistv5 – Published: 2026-03-24 12:30 – Updated: 2026-03-26 13:01

Title

Incorrect boundary conditions in the Layout: Text and Fonts component

Summary

Incorrect boundary conditions in the Layout: Text and Fonts component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-754 - Improper Check for Unusual or Exceptional Conditions

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=2021863
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Affected: unspecified , < 149 (custom)

	Mozilla	Firefox ESR	Affected: unspecified , < 115.34 (custom)
	Mozilla	Firefox ESR	Affected: unspecified , < 140.9 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 149 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 140.9 (custom)

Credits

Matej Smycka

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-4699",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-26T13:00:42.364409Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-754",
                "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-26T13:01:10.587Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "115.34",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Matej Smycka"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Incorrect boundary conditions in the Layout: Text and Fonts component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
            }
          ],
          "value": "Incorrect boundary conditions in the Layout: Text and Fonts component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-24T20:27:29.108Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2021863"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-21/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"
        }
      ],
      "title": "Incorrect boundary conditions in the Layout: Text and Fonts component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-4699",
    "datePublished": "2026-03-24T12:30:28.441Z",
    "dateReserved": "2026-03-23T23:22:01.062Z",
    "dateUpdated": "2026-03-26T13:01:10.587Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4700 (GCVE-0-2026-4700)

Vulnerability from cvelistv5 – Published: 2026-03-24 12:30 – Updated: 2026-03-26 13:03

Title

Mitigation bypass in the Networking: HTTP component

Summary

Mitigation bypass in the Networking: HTTP component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-288 - Authentication Bypass Using an Alternate Path or Channel

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=2003766
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Affected: unspecified , < 149 (custom)

	Mozilla	Firefox ESR	Affected: unspecified , < 140.9 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 149 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 140.9 (custom)

Credits

pizzahunthack1

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-4700",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-26T13:02:08.019678Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-288",
                "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-26T13:03:27.938Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "pizzahunthack1"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Mitigation bypass in the Networking: HTTP component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
            }
          ],
          "value": "Mitigation bypass in the Networking: HTTP component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-24T20:27:30.118Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2003766"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"
        }
      ],
      "title": "Mitigation bypass in the Networking: HTTP component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-4700",
    "datePublished": "2026-03-24T12:30:28.913Z",
    "dateReserved": "2026-03-23T23:22:03.357Z",
    "dateUpdated": "2026-03-26T13:03:27.938Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4697 (GCVE-0-2026-4697)

Vulnerability from cvelistv5 – Published: 2026-03-24 12:30 – Updated: 2026-03-26 12:58

Title

Incorrect boundary conditions in the Audio/Video: Web Codecs component

Summary

Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-754 - Improper Check for Unusual or Exceptional Conditions

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=2020422
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Affected: unspecified , < 149 (custom)

	Mozilla	Firefox ESR	Affected: unspecified , < 140.9 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 149 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 140.9 (custom)

Credits

Lorenzo

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-4697",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-26T12:57:57.923200Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-754",
                "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-26T12:58:28.735Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Lorenzo"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
            }
          ],
          "value": "Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-24T20:27:27.376Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2020422"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"
        }
      ],
      "title": "Incorrect boundary conditions in the Audio/Video: Web Codecs component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-4697",
    "datePublished": "2026-03-24T12:30:27.383Z",
    "dateReserved": "2026-03-23T23:21:57.119Z",
    "dateUpdated": "2026-03-26T12:58:28.735Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4702 (GCVE-0-2026-4702)

Vulnerability from cvelistv5 – Published: 2026-03-24 12:30 – Updated: 2026-03-25 19:50

Title

JIT miscompilation in the JavaScript Engine component

Summary

JIT miscompilation in the JavaScript Engine component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=2013560
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Affected: unspecified , < 149 (custom)

	Mozilla	Firefox ESR	Affected: unspecified , < 140.9 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 149 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 140.9 (custom)

Credits

Evyatar Ben Asher, Keane Lucas, Nicholas Carlini, Newton Cheng, Daniel Freeman, Alex Gaynor, and Joel Weinberger using Claude from Anthropic

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-4702",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-25T19:48:14.570163Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-843",
                "description": "CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-25T19:50:15.573Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Evyatar Ben Asher, Keane Lucas, Nicholas Carlini, Newton Cheng, Daniel Freeman, Alex Gaynor, and Joel Weinberger using Claude from Anthropic"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "JIT miscompilation in the JavaScript Engine component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
            }
          ],
          "value": "JIT miscompilation in the JavaScript Engine component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-24T20:27:32.681Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2013560"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"
        }
      ],
      "title": "JIT miscompilation in the JavaScript Engine component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-4702",
    "datePublished": "2026-03-24T12:30:30.743Z",
    "dateReserved": "2026-03-23T23:22:07.529Z",
    "dateUpdated": "2026-03-25T19:50:15.573Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4706 (GCVE-0-2026-4706)

Vulnerability from cvelistv5 – Published: 2026-03-24 12:30 – Updated: 2026-03-25 19:49

Title

Incorrect boundary conditions in the Graphics: Canvas2D component

Summary

Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-754 - Improper Check for Unusual or Exceptional Conditions

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=2015091
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Affected: unspecified , < 149 (custom)

	Mozilla	Firefox ESR	Affected: unspecified , < 115.34 (custom)
	Mozilla	Firefox ESR	Affected: unspecified , < 140.9 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 149 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 140.9 (custom)

Credits

Jun Yang

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-4706",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-25T19:38:16.757316Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-754",
                "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-25T19:49:49.707Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "115.34",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Jun Yang"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
            }
          ],
          "value": "Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-24T20:27:37.900Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2015091"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-21/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"
        }
      ],
      "title": "Incorrect boundary conditions in the Graphics: Canvas2D component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-4706",
    "datePublished": "2026-03-24T12:30:33.263Z",
    "dateReserved": "2026-03-23T23:22:13.686Z",
    "dateUpdated": "2026-03-25T19:49:49.707Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4689 (GCVE-0-2026-4689)

Vulnerability from cvelistv5 – Published: 2026-03-24 12:30 – Updated: 2026-03-25 14:05

Title

Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component

Summary

Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

Severity ?

10 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-190 - Integer Overflow or Wraparound

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=2016374
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Affected: unspecified , < 149 (custom)

	Mozilla	Firefox ESR	Affected: unspecified , < 115.34 (custom)
	Mozilla	Firefox ESR	Affected: unspecified , < 140.9 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 149 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 140.9 (custom)

Credits

Sajeeb Lohani

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 10,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-4689",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-25T03:56:00.258280Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-120",
                "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          },
          {
            "descriptions": [
              {
                "cweId": "CWE-190",
                "description": "CWE-190 Integer Overflow or Wraparound",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-25T14:05:39.137Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "115.34",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Sajeeb Lohani"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
            }
          ],
          "value": "Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-24T20:27:20.521Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016374"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-21/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"
        }
      ],
      "title": "Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-4689",
    "datePublished": "2026-03-24T12:30:23.260Z",
    "dateReserved": "2026-03-23T23:21:39.901Z",
    "dateUpdated": "2026-03-25T14:05:39.137Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4684 (GCVE-0-2026-4684)

Vulnerability from cvelistv5 – Published: 2026-03-24 12:30 – Updated: 2026-03-25 03:55

Title

Race condition, use-after-free in the Graphics: WebRender component

Summary

Race condition, use-after-free in the Graphics: WebRender component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-416 - Use After Free
CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=2011129
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Affected: unspecified , < 149 (custom)

	Mozilla	Firefox ESR	Affected: unspecified , < 115.34 (custom)
	Mozilla	Firefox ESR	Affected: unspecified , < 140.9 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 149 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 140.9 (custom)

Credits

Oskar L

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-4684",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-24T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          },
          {
            "descriptions": [
              {
                "cweId": "CWE-362",
                "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-25T03:55:48.183Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "115.34",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Oskar L"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Race condition, use-after-free in the Graphics: WebRender component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
            }
          ],
          "value": "Race condition, use-after-free in the Graphics: WebRender component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-24T20:27:16.119Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2011129"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-21/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"
        }
      ],
      "title": "Race condition, use-after-free in the Graphics: WebRender component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-4684",
    "datePublished": "2026-03-24T12:30:20.420Z",
    "dateReserved": "2026-03-23T23:21:29.581Z",
    "dateUpdated": "2026-03-25T03:55:48.183Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4716 (GCVE-0-2026-4716)

Vulnerability from cvelistv5 – Published: 2026-03-24 12:30 – Updated: 2026-03-25 19:49

Title

Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component

Summary

Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

Severity ?

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CWE

CWE-908 - Use of Uninitialized Resource

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=2018592
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Affected: unspecified , < 149 (custom)

	Mozilla	Firefox ESR	Affected: unspecified , < 140.9 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 149 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 140.9 (custom)

Credits

Pwn2addr

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.1,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-4716",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-25T19:24:14.555574Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-908",
                "description": "CWE-908 Use of Uninitialized Resource",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-25T19:49:33.955Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Pwn2addr"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
            }
          ],
          "value": "Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-24T20:27:48.432Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2018592"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"
        }
      ],
      "title": "Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-4716",
    "datePublished": "2026-03-24T12:30:39.453Z",
    "dateReserved": "2026-03-23T23:22:33.703Z",
    "dateUpdated": "2026-03-25T19:49:33.955Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4686 (GCVE-0-2026-4686)

Vulnerability from cvelistv5 – Published: 2026-03-24 12:30 – Updated: 2026-03-26 12:47

Title

Incorrect boundary conditions in the Graphics: Canvas2D component

Summary

Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-754 - Improper Check for Unusual or Exceptional Conditions

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=2016351
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Affected: unspecified , < 149 (custom)

	Mozilla	Firefox ESR	Affected: unspecified , < 115.34 (custom)
	Mozilla	Firefox ESR	Affected: unspecified , < 140.9 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 149 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 140.9 (custom)

Credits

Sajeeb Lohani

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-4686",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-26T12:44:29.643481Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-754",
                "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-26T12:47:03.965Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "115.34",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Sajeeb Lohani"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
            }
          ],
          "value": "Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-24T20:27:17.804Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016351"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-21/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"
        }
      ],
      "title": "Incorrect boundary conditions in the Graphics: Canvas2D component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-4686",
    "datePublished": "2026-03-24T12:30:21.639Z",
    "dateReserved": "2026-03-23T23:21:33.801Z",
    "dateUpdated": "2026-03-26T12:47:03.965Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4690 (GCVE-0-2026-4690)

Vulnerability from cvelistv5 – Published: 2026-03-24 12:30 – Updated: 2026-03-25 14:07

Title

Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component

Summary

Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

Severity ?

9.6 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CWE

CWE-190 - Integer Overflow or Wraparound
CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=2016375
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Affected: unspecified , < 149 (custom)

	Mozilla	Firefox ESR	Affected: unspecified , < 115.34 (custom)
	Mozilla	Firefox ESR	Affected: unspecified , < 140.9 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 149 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 140.9 (custom)

Credits

Sajeeb Lohani

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.6,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-4690",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-25T03:56:01.292493Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-190",
                "description": "CWE-190 Integer Overflow or Wraparound",
                "lang": "en",
                "type": "CWE"
              }
            ]
          },
          {
            "descriptions": [
              {
                "cweId": "CWE-120",
                "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-25T14:07:54.846Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "115.34",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Sajeeb Lohani"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
            }
          ],
          "value": "Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-24T20:27:21.321Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016375"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-21/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"
        }
      ],
      "title": "Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-4690",
    "datePublished": "2026-03-24T12:30:23.812Z",
    "dateReserved": "2026-03-23T23:21:42.156Z",
    "dateUpdated": "2026-03-25T14:07:54.846Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4707 (GCVE-0-2026-4707)

Vulnerability from cvelistv5 – Published: 2026-03-24 12:30 – Updated: 2026-03-25 19:49

Title

Incorrect boundary conditions in the Graphics: Canvas2D component

Summary

Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-754 - Improper Check for Unusual or Exceptional Conditions

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=2015267
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Affected: unspecified , < 149 (custom)

	Mozilla	Firefox ESR	Affected: unspecified , < 115.34 (custom)
	Mozilla	Firefox ESR	Affected: unspecified , < 140.9 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 149 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 140.9 (custom)

Credits

Sajeeb Lohani

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-4707",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-25T19:37:12.279405Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-754",
                "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-25T19:49:44.717Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "115.34",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Sajeeb Lohani"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
            }
          ],
          "value": "Incorrect boundary conditions in the Graphics: Canvas2D component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-24T20:27:38.715Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2015267"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-21/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"
        }
      ],
      "title": "Incorrect boundary conditions in the Graphics: Canvas2D component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-4707",
    "datePublished": "2026-03-24T12:30:33.906Z",
    "dateReserved": "2026-03-23T23:22:15.462Z",
    "dateUpdated": "2026-03-25T19:49:44.717Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4698 (GCVE-0-2026-4698)

Vulnerability from cvelistv5 – Published: 2026-03-24 12:30 – Updated: 2026-03-26 13:00

Title

JIT miscompilation in the JavaScript Engine: JIT component

Summary

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=2020906
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Affected: unspecified , < 149 (custom)

	Mozilla	Firefox ESR	Affected: unspecified , < 115.34 (custom)
	Mozilla	Firefox ESR	Affected: unspecified , < 140.9 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 149 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 140.9 (custom)

Credits

maxpl0it working with Trend Micro Zero Day Initiative

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-4698",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-26T12:59:20.870117Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-843",
                "description": "CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-26T13:00:10.421Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "115.34",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "maxpl0it working with Trend Micro Zero Day Initiative"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
            }
          ],
          "value": "JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-24T20:27:28.283Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2020906"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-21/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"
        }
      ],
      "title": "JIT miscompilation in the JavaScript Engine: JIT component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-4698",
    "datePublished": "2026-03-24T12:30:27.865Z",
    "dateReserved": "2026-03-23T23:21:58.886Z",
    "dateUpdated": "2026-03-26T13:00:10.421Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4708 (GCVE-0-2026-4708)

Vulnerability from cvelistv5 – Published: 2026-03-24 12:30 – Updated: 2026-03-25 16:31

Title

Incorrect boundary conditions in the Graphics component

Summary

Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-754 - Improper Check for Unusual or Exceptional Conditions

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=2015268
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Affected: unspecified , < 149 (custom)

	Mozilla	Firefox ESR	Affected: unspecified , < 140.9 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 149 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 140.9 (custom)

Credits

Sajeeb Lohani

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-4708",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-25T16:28:54.434329Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-754",
                "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-25T16:31:36.303Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Sajeeb Lohani"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
            }
          ],
          "value": "Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-24T20:27:39.572Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2015268"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"
        }
      ],
      "title": "Incorrect boundary conditions in the Graphics component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-4708",
    "datePublished": "2026-03-24T12:30:34.423Z",
    "dateReserved": "2026-03-23T23:22:17.660Z",
    "dateUpdated": "2026-03-25T16:31:36.303Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4721 (GCVE-0-2026-4721)

Vulnerability from cvelistv5 – Published: 2026-03-24 12:30 – Updated: 2026-03-25 13:09

Title

Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149

Summary

Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/buglist.cgi?bug_id=2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Affected: unspecified , < 149 (custom)

	Mozilla	Firefox ESR	Affected: unspecified , < 115.34 (custom)
	Mozilla	Firefox ESR	Affected: unspecified , < 140.9 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 149 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 140.9 (custom)

Credits

Christian Holler, Timothy Nikkel, Tom Schuster and the Mozilla Fuzzing Team

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-4721",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-25T03:56:11.360250Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-120",
                "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-25T13:09:23.842Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "115.34",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Christian Holler, Timothy Nikkel, Tom Schuster and the Mozilla Fuzzing Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
            }
          ],
          "value": "Memory safety bugs present in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-24T20:27:56.439Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "name": "Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149",
          "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=2013762%2C2015291%2C2016591%2C2016661%2C2016664%2C2017303%2C2017894%2C2018090%2C2018196%2C2018379%2C2019112%2C2022090%2C2022243%2C2022351%2C2022478%2C2022676"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-21/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"
        }
      ],
      "title": "Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-4721",
    "datePublished": "2026-03-24T12:30:44.312Z",
    "dateReserved": "2026-03-23T23:22:42.445Z",
    "dateUpdated": "2026-03-25T13:09:23.842Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4687 (GCVE-0-2026-4687)

Vulnerability from cvelistv5 – Published: 2026-03-24 12:30 – Updated: 2026-03-25 14:06

Title

Sandbox escape due to incorrect boundary conditions in the Telemetry component

Summary

Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

Severity ?

9.6 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CWE

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=2016368
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Affected: unspecified , < 149 (custom)

	Mozilla	Firefox ESR	Affected: unspecified , < 115.34 (custom)
	Mozilla	Firefox ESR	Affected: unspecified , < 140.9 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 149 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 140.9 (custom)

Credits

Sajeeb Lohani

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.6,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-4687",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-25T03:55:57.976646Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-120",
                "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-25T14:06:49.307Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "115.34",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Sajeeb Lohani"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
            }
          ],
          "value": "Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-24T20:27:18.678Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016368"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-21/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"
        }
      ],
      "title": "Sandbox escape due to incorrect boundary conditions in the Telemetry component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-4687",
    "datePublished": "2026-03-24T12:30:22.179Z",
    "dateReserved": "2026-03-23T23:21:35.819Z",
    "dateUpdated": "2026-03-25T14:06:49.307Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4701 (GCVE-0-2026-4701)

Vulnerability from cvelistv5 – Published: 2026-03-24 12:30 – Updated: 2026-03-26 13:05

Title

Use-after-free in the JavaScript Engine component

Summary

Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-416 - Use After Free

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=2009303
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Affected: unspecified , < 149 (custom)

	Mozilla	Firefox ESR	Affected: unspecified , < 140.9 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 149 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 140.9 (custom)

Credits

Gary Kwong

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-4701",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-26T13:04:34.007549Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-26T13:05:31.395Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Gary Kwong"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
            }
          ],
          "value": "Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-24T20:27:31.023Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2009303"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"
        }
      ],
      "title": "Use-after-free in the JavaScript Engine component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-4701",
    "datePublished": "2026-03-24T12:30:29.700Z",
    "dateReserved": "2026-03-23T23:22:05.456Z",
    "dateUpdated": "2026-03-26T13:05:31.395Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4696 (GCVE-0-2026-4696)

Vulnerability from cvelistv5 – Published: 2026-03-24 12:30 – Updated: 2026-03-26 12:57

Title

Use-after-free in the Layout: Text and Fonts component

Summary

Use-after-free in the Layout: Text and Fonts component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-416 - Use After Free

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=2020190
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Affected: unspecified , < 149 (custom)

	Mozilla	Firefox ESR	Affected: unspecified , < 115.34 (custom)
	Mozilla	Firefox ESR	Affected: unspecified , < 140.9 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 149 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 140.9 (custom)

Credits

Sota Wada

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-4696",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-26T12:56:36.785179Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-26T12:57:13.773Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "115.34",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Sota Wada"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Use-after-free in the Layout: Text and Fonts component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
            }
          ],
          "value": "Use-after-free in the Layout: Text and Fonts component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-24T20:27:26.613Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2020190"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-21/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"
        }
      ],
      "title": "Use-after-free in the Layout: Text and Fonts component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-4696",
    "datePublished": "2026-03-24T12:30:26.919Z",
    "dateReserved": "2026-03-23T23:21:55.045Z",
    "dateUpdated": "2026-03-26T12:57:13.773Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4713 (GCVE-0-2026-4713)

Vulnerability from cvelistv5 – Published: 2026-03-24 12:30 – Updated: 2026-03-25 16:13

Title

Incorrect boundary conditions in the Graphics component

Summary

Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-754 - Improper Check for Unusual or Exceptional Conditions

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=2018113
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Affected: unspecified , < 149 (custom)

	Mozilla	Firefox ESR	Affected: unspecified , < 140.9 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 149 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 140.9 (custom)

Credits

Sajeeb Lohani

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-4713",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-25T16:13:05.618870Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-754",
                "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-25T16:13:37.918Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Sajeeb Lohani"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
            }
          ],
          "value": "Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-24T20:27:45.887Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2018113"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"
        }
      ],
      "title": "Incorrect boundary conditions in the Graphics component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-4713",
    "datePublished": "2026-03-24T12:30:37.800Z",
    "dateReserved": "2026-03-23T23:22:27.865Z",
    "dateUpdated": "2026-03-25T16:13:37.918Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4691 (GCVE-0-2026-4691)

Vulnerability from cvelistv5 – Published: 2026-03-24 12:30 – Updated: 2026-03-26 12:49

Title

Use-after-free in the CSS Parsing and Computation component

Summary

Use-after-free in the CSS Parsing and Computation component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-416 - Use After Free

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=2017512
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Affected: unspecified , < 149 (custom)

	Mozilla	Firefox ESR	Affected: unspecified , < 115.34 (custom)
	Mozilla	Firefox ESR	Affected: unspecified , < 140.9 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 149 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 140.9 (custom)

Credits

Fabius Artrel

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-4691",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-26T12:49:03.878448Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-26T12:49:32.902Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "115.34",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Fabius Artrel"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Use-after-free in the CSS Parsing and Computation component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
            }
          ],
          "value": "Use-after-free in the CSS Parsing and Computation component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-24T20:27:22.137Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2017512"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-21/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"
        }
      ],
      "title": "Use-after-free in the CSS Parsing and Computation component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-4691",
    "datePublished": "2026-03-24T12:30:24.376Z",
    "dateReserved": "2026-03-23T23:21:44.154Z",
    "dateUpdated": "2026-03-26T12:49:32.902Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4717 (GCVE-0-2026-4717)

Vulnerability from cvelistv5 – Published: 2026-03-24 12:30 – Updated: 2026-03-25 13:11

Title

Privilege escalation in the Netmonitor component

Summary

Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-noinfo Not enough information

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=2021695
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Affected: unspecified , < 149 (custom)

	Mozilla	Firefox ESR	Affected: unspecified , < 140.9 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 149 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 140.9 (custom)

Credits

Satoki Tsuji

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-4717",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-25T03:56:09.242900Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-25T13:11:11.515Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Satoki Tsuji"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Privilege escalation in the Netmonitor component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
            }
          ],
          "value": "Privilege escalation in the Netmonitor component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-24T20:27:49.291Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2021695"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"
        }
      ],
      "title": "Privilege escalation in the Netmonitor component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-4717",
    "datePublished": "2026-03-24T12:30:40.175Z",
    "dateReserved": "2026-03-23T23:22:35.771Z",
    "dateUpdated": "2026-03-25T13:11:11.515Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4688 (GCVE-0-2026-4688)

Vulnerability from cvelistv5 – Published: 2026-03-24 12:30 – Updated: 2026-03-25 14:08

Title

Sandbox escape due to use-after-free in the Disability Access APIs component

Summary

Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

Severity ?

9.6 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CWE

CWE-416 - Use After Free

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=2016373
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Affected: unspecified , < 149 (custom)

	Mozilla	Firefox ESR	Affected: unspecified , < 140.9 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 149 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 140.9 (custom)

Credits

Sajeeb Lohani

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.6,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-4688",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-25T03:55:59.035622Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-25T14:08:27.170Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Sajeeb Lohani"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
            }
          ],
          "value": "Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-24T20:27:19.437Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016373"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"
        }
      ],
      "title": "Sandbox escape due to use-after-free in the Disability Access APIs component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-4688",
    "datePublished": "2026-03-24T12:30:22.710Z",
    "dateReserved": "2026-03-23T23:21:37.949Z",
    "dateUpdated": "2026-03-25T14:08:27.170Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4719 (GCVE-0-2026-4719)

Vulnerability from cvelistv5 – Published: 2026-03-24 12:30 – Updated: 2026-03-25 19:49

Title

Incorrect boundary conditions in the Graphics: Text component

Summary

Incorrect boundary conditions in the Graphics: Text component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=2016367
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Affected: unspecified , < 149 (custom)

	Mozilla	Firefox ESR	Affected: unspecified , < 140.9 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 149 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 140.9 (custom)

Credits

Sajeeb Lohani

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-4719",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-25T19:08:12.648684Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-119",
                "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-25T19:49:16.511Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Sajeeb Lohani"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Incorrect boundary conditions in the Graphics: Text component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
            }
          ],
          "value": "Incorrect boundary conditions in the Graphics: Text component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-24T20:27:54.023Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016367"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"
        }
      ],
      "title": "Incorrect boundary conditions in the Graphics: Text component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-4719",
    "datePublished": "2026-03-24T12:30:42.762Z",
    "dateReserved": "2026-03-23T23:22:39.782Z",
    "dateUpdated": "2026-03-25T19:49:16.511Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4711 (GCVE-0-2026-4711)

Vulnerability from cvelistv5 – Published: 2026-03-24 12:30 – Updated: 2026-03-25 16:25

Title

Use-after-free in the Widget: Cocoa component

Summary

Use-after-free in the Widget: Cocoa component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-416 - Use After Free

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=2017002
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Affected: unspecified , < 149 (custom)

	Mozilla	Firefox ESR	Affected: unspecified , < 140.9 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 149 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 140.9 (custom)

Credits

Josh Aas

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-4711",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-25T16:25:02.389182Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-25T16:25:17.158Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Josh Aas"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Use-after-free in the Widget: Cocoa component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
            }
          ],
          "value": "Use-after-free in the Widget: Cocoa component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-24T20:27:43.111Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2017002"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"
        }
      ],
      "title": "Use-after-free in the Widget: Cocoa component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-4711",
    "datePublished": "2026-03-24T12:30:36.392Z",
    "dateReserved": "2026-03-23T23:22:23.818Z",
    "dateUpdated": "2026-03-25T16:25:17.158Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4718 (GCVE-0-2026-4718)

Vulnerability from cvelistv5 – Published: 2026-03-24 12:30 – Updated: 2026-03-25 19:49

Title

Undefined behavior in the WebRTC: Signaling component

Summary

Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

Severity ?

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE

CWE-758 - Reliance on Undefined, Unspecified, or Implementation-Defined Behavior

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=2014864
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Affected: unspecified , < 149 (custom)

	Mozilla	Firefox ESR	Affected: unspecified , < 140.9 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 149 (custom)
	Mozilla	Thunderbird	Affected: unspecified , < 140.9 (custom)

Credits

Evyatar Ben Asher, Keane Lucas, Nicholas Carlini, Newton Cheng, Daniel Freeman, Alex Gaynor, and Joel Weinberger using Claude from Anthropic

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 8.1,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-4718",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-25T19:11:07.322179Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-758",
                "description": "CWE-758 Reliance on Undefined, Unspecified, or Implementation-Defined Behavior",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-25T19:49:21.495Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "149",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Evyatar Ben Asher, Keane Lucas, Nicholas Carlini, Newton Cheng, Daniel Freeman, Alex Gaynor, and Joel Weinberger using Claude from Anthropic"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
            }
          ],
          "value": "Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 140.9, Thunderbird \u003c 149, and Thunderbird \u003c 140.9."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-24T20:27:53.066Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2014864"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-20/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-23/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/"
        }
      ],
      "title": "Undefined behavior in the WebRTC: Signaling component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-4718",
    "datePublished": "2026-03-24T12:30:42.279Z",
    "dateReserved": "2026-03-23T23:22:37.804Z",
    "dateUpdated": "2026-03-25T19:49:21.495Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.