Zero Day MonitorZDM

← Back to list

7.3

CVE-2026-7324EXPLOITEDPATCHED

mozilla · firefox

Memory safety bugs fixed in Firefox 150.0.1 and Thunderbird 150.0.1

Description

Memory safety bugs present in Firefox 150.0.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1.

Affected Products

Vendor	Product	Versions
mozilla	firefox	< 150

References

Related News (4 articles)

Tier C

Schneier on Security2h ago

Claude Mythos Has Found 271 Zero-Days in Firefox

→ No new info (linked only)

Tier D

SecurityWeek2h ago

Chrome 147, Firefox 150 Security Updates Rolling Out

→ No new info (linked only)

Tier C

VulDB19h ago

CVE-2026-7324 | Mozilla Thunderbird up to 150.0.0 memory corruption

→ No new info (linked only)

Tier C

VulDB19h ago

CVE-2026-7324 | Mozilla Firefox up to 150.0.0 memory corruption

→ No new info (linked only)

CVSS 3.17.3 CRITICAL

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

150.0.1

CWECWE-119

PublishedApr 28, 2026

Last enriched19h agov2

Tags

memory corruptionzero-dayai-assisted discoverybrowser security

Trending Score75

Source articles4

Independent3

Info Completeness8/14

Missing: versions, epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-7320EXP

Information disclosure due to incorrect boundary conditions in the Audio/Video component

HIGHCVE-2026-7322EXP

Memory safety bugs fixed in Firefox ESR 115.35.1, Firefox ESR 140.10.1, Thunderbird ESR 140.10.1, Firefox 150.0.1 and Thunderbird 150.0.1

HIGHCVE-2026-7323

Memory safety bugs fixed in Firefox ESR 140.10.1, Thunderbird ESR 140.10.1, Firefox 150.0.1 and Thunderbird 150.0.1

CRITICALCVE-2026-7321

Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component

CRITICALCVE-2026-6768EXP

Mitigation bypass in the Networking: Cookies component

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 28, 2026

Discovered by ZDM

Apr 28, 2026

Actively Exploited

Apr 28, 2026

Patch Available

Apr 28, 2026

Updated: severity, cweIds, activelyExploited, tags

Apr 28, 2026

Version History

v2

Last enriched 19h ago

v2Tier C19h ago

Updated severity to CRITICAL, added CWE-119, and marked the vulnerability as actively exploited.

severitycweIdsactivelyExploitedtags

via VulDB

v121h ago

Initial creation