- 56/2026
- High
Mozilla has released an updated Firefox version 148.0.2 to fix multiple vulnerabilities.
The addressed vulnerabilities could allow the attacker to perform spoofing attacks, bypass security restrictions, perform denial-of-service attacks, execute arbitrary code, and gain access to the affected system.
Sample of the addressed vulnerabilities:
1. Mozilla Firefox Memory Safety Bugs Vulnerability (CVE-2026-3847):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Access
2. Mozilla Firefox Same-Origin Policy Bypass in the CSS Parsing and Computation Component Vulnerability (CVE-2026-3846):
- CVSS: 6.5
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Bypass Security
Vulnerabilities
- CVE-2026-3845
- CVE-2026-3846
- CVE-2026-3847
- CVE-2026-2919
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.