Memory Safety Vulnerabilities in Firefox and Thunderbird by Mozilla
CVE-2026-5735

Currently unrated

Key Information:

Vendor: Mozilla
Status: Firefox; Thunderbird
Vendor: CVE Published:; 7 April 2026

What is CVE-2026-5735?

Mozilla's Firefox and Thunderbird versions 149.0.1 are impacted by memory safety bugs that may lead to memory corruption. These vulnerabilities pose a risk of potential arbitrary code execution, which can significantly compromise the affected systems. Users are urged to update to version 149.0.2 or later to mitigate these risks. For further details, refer to the Mozilla security advisories and bug reports.

Affected Version(s)

Firefox < 149.0.2

Thunderbird < 149.0.2

References

https://bugzilla.mozilla.org/buglist.cgi?bug_id=2025475%2...

https://www.mozilla.org/security/advisories/mfsa2026-25/

https://www.mozilla.org/security/advisories/mfsa2026-28/

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 7, 2026
Vulnerability Reserved
Apr 7, 2026

Credit

Brian Grinstead, Christian Holler and the Mozilla Fuzzing Team

CVE-2026-5735 Data

JSON