- 146/2026
- Critical
Mozilla has released an updated Firefox version 151, Firefox ESR versions 115.36 and 140.11 to fix multiple vulnerabilities.
The addressed vulnerabilities could allow the remote attacker to conduct denial-of- service and spoofing attacks, obtain sensitive information, bypass security restrictions, gain elevated privileges, execute arbitrary code, and gain access to the affected system.
Sample of the addressed vulnerabilities:
1. Mozilla Firefox Sandbox Escape in the Profile Backup Component Vulnerability (CVE-2026-8401):
- CVSS: 9.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Bypass Security
2. Mozilla Firefox Privilege Escalation in the Security Component Vulnerability (CVE-2026-8970):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Privileges
Vulnerabilities
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.