SB20260428226 - Multiple vulnerabilities in Mozilla Firefox
Published: April 28, 2026
Description
This security bulletin contains information about 5 vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2026-7324)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code on the target system.
2) Buffer overflow (CVE-ID: CVE-2026-7323)
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to memory corruption when rendering web content. A remote attacker can trigger memory corruption using specially crafted web content to execute arbitrary code.
3) Input validation error (CVE-ID: CVE-2026-7321)
The vulnerability allows a remote attacker to escape the sandbox.
The vulnerability exists due to incorrect boundary conditions in the WebRTC: Networking component when handling WebRTC network traffic. A remote attacker can use specially crafted WebRTC network interactions to escape the sandbox.
User interaction is required to visit a specially crafted website or URL.
4) Buffer overflow (CVE-ID: CVE-2026-7322)
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to memory corruption when processing crafted web content. A remote attacker can trigger memory safety bugs to execute arbitrary code.
5) Out-of-bounds read (CVE-ID: CVE-2026-7320)
The vulnerability allows a remote attacker to disclose sensitive information.
The vulnerability exists due to incorrect boundary conditions in the Audio/Video component when processing media content. A remote attacker can cause the browser to process specially crafted media content to disclose sensitive information.
Remediation
Install the update from the vendor's website.
References
- https://www.mozilla.org/en-US/security/advisories/mfsa2026-35/
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=2029419
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=2029717
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=2029769
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=2029886
- https://www.mozilla.org/en-US/security/advisories/mfsa2026-36/
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=2028537
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=2029911
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=2031121
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=2033602
- https://bugzilla.mozilla.org/show_bug.cgi?id=2029461
- https://www.mozilla.org/en-US/security/advisories/mfsa2026-37/
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=2021904
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=2022731
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=2027158
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=2027733
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=2027973
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=2027976
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=2028231
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=2028731
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=2028886
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=2029067
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=2029700
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=2029724
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=2029806
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=2029814
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=2030108
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=2030111
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=2031524
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=2031921
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=2032040
- https://bugzilla.mozilla.org/show_bug.cgi?id=2027433