Zero Day MonitorZDM

← Back to list

7.3

CVE-2026-7323PATCHED

mozilla · firefox

Memory safety bugs fixed in Firefox ESR 140.10.1, Thunderbird ESR 140.10.1, Firefox 150.0.1 and Thunderbird 150.0.1

Description

Memory safety bugs present in Firefox ESR 140.10.0, Thunderbird ESR 140.10.0, Firefox 150.0.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1 and Firefox ESR 140.10.1.

Affected Products

Vendor	Product	Versions
mozilla	firefox	—

References

https://bugzilla.mozilla.org/buglist.cgi?bug_id=2028537%2C2029911%2C2031121%2C2033602
https://www.mozilla.org/security/advisories/mfsa2026-35/
https://www.mozilla.org/security/advisories/mfsa2026-36/

Related News (3 articles)

Tier D

SecurityWeek4h ago

Chrome 147, Firefox 150 Security Updates Rolling Out

→ No new info (linked only)

Tier C

VulDB21h ago

CVE-2026-7323 | Mozilla Firefox up to 150.0.0 memory corruption

→ No new info (linked only)

Tier C

VulDB21h ago

CVE-2026-7323 | Mozilla Thunderbird up to 150.0.0 memory corruption

→ No new info (linked only)

CVSS 3.17.3 HIGH

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA KEV❌ No

Actively exploited❌ No

Patch available

140.10.1150.0.1

CWECWE-119

PublishedApr 28, 2026

Last enriched17h agov2

Tags

memory corruption

Trending Score39

Source articles3

Independent2

Info Completeness7/14

Missing: versions, cvss, epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-7324EXP

Memory safety bugs fixed in Firefox 150.0.1 and Thunderbird 150.0.1

HIGHCVE-2026-7320EXP

Information disclosure due to incorrect boundary conditions in the Audio/Video component

HIGHCVE-2026-7322EXP

Memory safety bugs fixed in Firefox ESR 115.35.1, Firefox ESR 140.10.1, Thunderbird ESR 140.10.1, Firefox 150.0.1 and Thunderbird 150.0.1

CRITICALCVE-2026-7321

Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component

CRITICALCVE-2026-6768EXP

Mitigation bypass in the Networking: Cookies component

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 28, 2026

Patch Available

Apr 28, 2026

Discovered by ZDM

Apr 28, 2026

Updated: severity, cweIds, tags

Apr 28, 2026

Version History

v2

Last enriched 17h ago

v2Tier C21h ago

Updated severity to CRITICAL, added CWE-119, and changed exploit availability to false.

severitycweIdstags

via VulDB

v123h ago

Initial creation