Memory Safety Vulnerabilities in Firefox and Thunderbird by Mozilla
CVE-2026-5734

Currently unrated

Key Information:

Vendor: Mozilla
Status: Firefox; Firefox Esr; Thunderbird
Vendor: CVE Published:; 7 April 2026

What is CVE-2026-5734?

The vulnerability involves memory safety issues in Firefox and Thunderbird. Specifically, certain versions exhibit vulnerabilities tied to memory corruption, which could potentially be exploited to execute arbitrary code. Affected versions include Firefox 149.0.1 and Thunderbird 149.0.1, along with earlier ESR versions. Updating to Firefox 149.0.2 or Thunderbird 149.0.2 is recommended to mitigate these risks. Mozilla has addressed these critical memory safety concerns in their latest security advisories.

Affected Version(s)

Firefox < 149.0.2

Firefox ESR < 140.9.1

Thunderbird < 149.0.2

References

https://bugzilla.mozilla.org/buglist.cgi?bug_id=2022369%2...

https://www.mozilla.org/security/advisories/mfsa2026-25/

https://www.mozilla.org/security/advisories/mfsa2026-27/

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 7, 2026
Vulnerability Reserved
Apr 7, 2026

Credit

Brian Grinstead, Christian Holler, Tom Schuster and the Mozilla Fuzzing Team

CVE-2026-5734 Data

JSON