Memory Safety Vulnerabilities in Firefox and Thunderbird Products by Mozilla
CVE-2026-7323

Currently unrated

Key Information:

Vendor: Mozilla
Status: Firefox
Vendor: CVE Published:; 28 April 2026

What is CVE-2026-7323?

Memory safety vulnerabilities have been identified in Mozilla's Firefox and Thunderbird, affecting versions ESR 140.10.0 and 150.0.0. These vulnerabilities are characterized by evidence of memory corruption, which could potentially be exploited to execute arbitrary code under specific conditions. The issue has been addressed and remedied in the subsequent releases: Firefox 150.0.1 and Firefox ESR 140.10.1.

Affected Version(s)

Firefox 140.10.1

Firefox 150.0.1

References

https://bugzilla.mozilla.org/buglist.cgi?bug_id=2028537%2...

https://www.mozilla.org/security/advisories/mfsa2026-35/

https://www.mozilla.org/security/advisories/mfsa2026-36/

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 28, 2026
Vulnerability Reserved
Apr 28, 2026

Credit

Ryan Hunt, Steve Fink and the Mozilla Fuzzing Team

CVE-2026-7323 Data

JSON