- 95/2026
- Critical
Mozilla has released an updated Firefox version 150, Firefox ESR versions 115.35 and 140.10 to fix multiple vulnerabilities.
The addressed vulnerabilities could allow the attacker to bypass security restrictions, manipulate data, gain elevated privileges, obtain sensitive information, perform denial-of-services and spoofing attacks, execute arbitrary code, and gain access to the affected systems.
Sample of the addressed vulnerabilities:
1. Mozilla Firefox Uninitialized Memory in the Audio/Video: Web Codecs Component Vulnerability (CVE-2026-6748):
- CVSS: 9.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
2. Mozilla Firefox Mitigation Bypass in the DOM: Security Component Vulnerability (CVE-2026-6771):
- CVSS: 9.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Bypass Security
Vulnerabilities
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.