
=====================================================================

                            CERT-Renater

                Information Note No. 2026/VULN446
_____________________________________________________________________

DATE                : 30/04/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Firefox versions prior to 150.0.1,
                                 140.10.1, 115.35.1.

=====================================================================
https://www.mozilla.org/en-US/security/advisories/mfsa2026-35/
https://www.mozilla.org/en-US/security/advisories/mfsa2026-36/
https://www.mozilla.org/en-US/security/advisories/mfsa2026-37/
_____________________________________________________________________


Mozilla Foundation Security Advisory 2026-35
Security Vulnerabilities fixed in Firefox 150.0.1

Announced
    April 28, 2026
Impact
    high
Products
    Firefox
Fixed in

        Firefox 150.0.1


#CVE-2026-7320: Information disclosure due to incorrect boundary
conditions in the Audio/Video component

Reporter
    Xuehao Guo
Impact
    high

References

    Bug 2027433


#CVE-2026-7322: Memory safety bugs fixed in Firefox ESR 115.35.1,
Firefox ESR 140.10.1 and Firefox 150.0.1

Reporter
    C.M.Chang, Christian Holler, Steve Fink and the Mozilla Fuzzing Team
Impact
    critical

Description

Memory safety bugs present in Firefox ESR 115.35.0, Firefox ESR 140.10.0
and Firefox 150.0.0. Some of these bugs showed evidence of memory
corruption and we presume that with enough effort some of these could
have been exploited to run arbitrary code.

References

    Memory safety bugs fixed in Firefox ESR 115.35.1, Firefox ESR
140.10.1 and Firefox 150.0.1


#CVE-2026-7323: Memory safety bugs fixed in Firefox ESR 140.10.1
and Firefox 150.0.1

Reporter
    Ryan Hunt, Steve Fink and the Mozilla Fuzzing Team
Impact
    high

Description

Memory safety bugs present in Firefox ESR 140.10.0 and Firefox 150.0.0.
Some of these bugs showed evidence of memory corruption and we presume
that with enough effort some of these could have been exploited to run
arbitrary code.

References

    Memory safety bugs fixed in Firefox ESR 140.10.1 and Firefox
150.0.1


#CVE-2026-7324: Memory safety bugs fixed in Firefox 150.0.1

Reporter
    The Mozilla Fuzzing Team
Impact
    high

Description

Memory safety bugs present in Firefox 150.0.0. Some of these bugs
showed evidence of memory corruption and we presume that with
enough effort some of these could have been exploited to run
arbitrary code.

References

    Memory safety bugs fixed in Firefox 150.0.1

_____________________________________________________________________


Mozilla Foundation Security Advisory 2026-36
Security Vulnerabilities fixed in Firefox ESR 140.10.1

Announced
    April 28, 2026
Impact
    high
Products
    Firefox ESR
Fixed in

        Firefox ESR 140.10.1


#CVE-2026-7320: Information disclosure due to incorrect boundary
conditions in the Audio/Video component

Reporter
    Xuehao Guo
Impact
    high

References

    Bug 2027433


#CVE-2026-7321: Sandbox escape due to incorrect boundary conditions
in the WebRTC: Networking component

Reporter
    The Mozilla Fuzzing Team
Impact
    moderate

References

    Bug 2029461


#CVE-2026-7322: Memory safety bugs fixed in Firefox ESR 115.35.1,
Firefox ESR 140.10.1 and Firefox 150.0.1

Reporter
    C.M.Chang, Christian Holler, Steve Fink and the Mozilla Fuzzing Team
Impact
    critical

Description

Memory safety bugs present in Firefox ESR 115.35.0, Firefox
ESR 140.10.0 and Firefox 150.0.0. Some of these bugs showed
evidence of memory corruption and we presume that with enough
effort some of these could have been exploited to run
arbitrary code.

References

    Memory safety bugs fixed in Firefox ESR 115.35.1,
Firefox ESR 140.10.1 and Firefox 150.0.1


#CVE-2026-7323: Memory safety bugs fixed in Firefox
ESR 140.10.1 and Firefox 150.0.1

Reporter
    Ryan Hunt, Steve Fink and the Mozilla Fuzzing Team
Impact
    high

Description

Memory safety bugs present in Firefox ESR 140.10.0 and Firefox
150.0.0. Some of these bugs showed evidence of memory corruption
and we presume that with enough effort some of these could have
been exploited to run arbitrary code.

References

    Memory safety bugs fixed in Firefox ESR 140.10.1 and Firefox 150.0.1

_____________________________________________________________________


Mozilla Foundation Security Advisory 2026-37
Security Vulnerabilities fixed in Firefox ESR 115.35.1

Announced
    April 28, 2026
Impact
    high
Products
    Firefox ESR
Fixed in

        Firefox ESR 115.35.1


#CVE-2026-7320: Information disclosure due to incorrect boundary
conditions in the Audio/Video component

Reporter
    Xuehao Guo
Impact
    high

References

    Bug 2027433


#CVE-2026-7322: Memory safety bugs fixed in Firefox ESR 115.35.1,
Firefox ESR 140.10.1 and Firefox 150.0.1

Reporter
    C.M.Chang, Christian Holler, Steve Fink and the Mozilla Fuzzing Team
Impact
    critical

Description

Memory safety bugs present in Firefox ESR 115.35.0, Firefox ESR 140.10.0
and Firefox 150.0.0. Some of these bugs showed evidence of memory
corruption and we presume that with enough effort some of these could
have been exploited to run arbitrary code.

References

    Memory safety bugs fixed in Firefox ESR 115.35.1, Firefox ESR 140.10.1
and Firefox 150.0.1
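
The three advisories above fix different CVE sets per branch (CVE-2026-7321 is listed only for ESR 140.10.1, CVE-2026-7324 only for Firefox 150.0.1). The following is an added example, not part of the Mozilla or CERT-Renater text, that triages an installed version string against those fixed releases. It assumes the branch can be inferred from the major version number; the function names and sample host names are hypothetical.

```python
import re

# Fixed releases and CVE lists transcribed from the three advisories above.
ADVISORIES = {
    "release": ("MFSA 2026-35", (150, 0, 1),
                ["CVE-2026-7320", "CVE-2026-7322", "CVE-2026-7323", "CVE-2026-7324"]),
    "esr140": ("MFSA 2026-36", (140, 10, 1),
               ["CVE-2026-7320", "CVE-2026-7321", "CVE-2026-7322", "CVE-2026-7323"]),
    "esr115": ("MFSA 2026-37", (115, 35, 1),
               ["CVE-2026-7320", "CVE-2026-7322"]),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """Extract (major, minor, patch) from e.g. 'Mozilla Firefox 140.10.0esr'."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no Firefox version found in {text!r}")
    # A missing patch component ('150.0') is treated as 0.
    return tuple(int(g or 0) for g in m.group(1, 2, 3))


def triage(version_text):
    """Return (advisory, fixed_version, unpatched_cves) for one install."""
    version = parse_version(version_text)
    # Assumption: major 115 and 140 are the ESR branches named in the note;
    # every other install is measured against the release fix, 150.0.1.
    track = {115: "esr115", 140: "esr140"}.get(version[0], "release")
    advisory, fixed, cves = ADVISORIES[track]
    # Tuple comparison orders versions numerically, component by component.
    unpatched = list(cves) if version < fixed else []
    return advisory, ".".join(map(str, fixed)), unpatched


# Constructed inventory: hypothetical hosts with `firefox --version` style output.
INVENTORY = {
    "ws-01": "Mozilla Firefox 150.0",
    "ws-02": "Mozilla Firefox 150.0.1",
    "kiosk-01": "Mozilla Firefox 140.10.0esr",
    "legacy-01": "Mozilla Firefox 115.35.1esr",
}

if __name__ == "__main__":
    for host, raw in INVENTORY.items():
        advisory, fixed, unpatched = triage(raw)
        status = "update to " + fixed if unpatched else "fixed"
        print(f"{host}: {raw} -> {advisory}: {status} {' '.join(unpatched)}")
```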


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================




