Mozilla Product Security Update Advisory
Overview
We have released security updates that address vulnerabilities in Mozilla products. Users of affected products are encouraged to update to the latest version.
Affected Products
CVE-2026-4684, CVE-2026-4685, CVE-2026-4686, CVE-2026-4687, CVE-2026-4689, CVE-2026-4690, CVE-2026-4691, CVE-2026-4693, CVE-2026-4696, CVE-2026-4698, CVE-2026-4699
Firefox version: 149 and below
Firefox ESR version: 115.34 and below
Firefox ESR version: 140.9 or lower
Thunderbird version: below 149
Thunderbird version: less than 140.9
CVE-2026-4688, CVE-2026-4695, CVE-2026-4697
Firefox version: 149 and below
Firefox ESR version: below 140.9
Thunderbird version: 149 and below
Thunderbird version: less than 140.9
Resolved Vulnerabilities
Graphics: Race condition and use-after-free vulnerability in the WebRender component (CVE-2026-4684)
Graphics: Incorrect Boundary Condition Handling Vulnerability in the Canvas2D Component (CVE-2026-4685)
Graphics: Incorrect Boundary Condition Handling Vulnerability in the Canvas2D Component (CVE-2026-4686)
Sandbox escape vulnerability due to incorrect boundary conditions in the Telemetry component (CVE-2026-4687)
Sandbox escape vulnerability due to use-after-free in the Disability Access APIs component (CVE-2026-4688)
Sandbox escape vulnerability due to incorrect boundary conditions and integer overflow in the XPCOM component (CVE-2026-4690)
Use-after-free vulnerability in the CSS Parsing and Calculations component (CVE-2026-4691)
Audio/Video: Incorrect Boundary Condition Handling Vulnerability in the Playback component (CVE-2026-4693)
Audio/Video: Incorrect Boundary Condition Handling Vulnerability in the Web Codecs component (CVE-2026-4695)
Layout: Use-after-free vulnerability in the Text and Fonts component (CVE-2026-4696)
Audio/Video: Incorrect boundary condition handling vulnerability in the Web Codecs component (CVE-2026-4697)
JavaScript Engine: JIT miscompilation vulnerability in the JIT component (CVE-2026-4698)
Layout: Incorrect boundary condition handling vulnerability in the Text and Fonts component (CVE-2026-4699)
Vulnerability Patches
Patches for these vulnerabilities are available in the latest updates. Follow the instructions on the reference sites to update to the latest version.
CVE-2026-4684, CVE-2026-4685, CVE-2026-4686, CVE-2026-4687, CVE-2026-4690, CVE-2026-4691, CVE-2026-4693, CVE-2026-4696, CVE-2026-4698, CVE-2026-4699
Firefox version: 149
Firefox ESR version: 115.34
Firefox ESR version: 140.9
Thunderbird version: 149
Thunderbird version: 140.9
CVE-2026-4688, CVE-2026-4695, CVE-2026-4697
Firefox version: 149
Firefox ESR version: 140.9
Thunderbird version: 149
Thunderbird version: 140.9
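A fleet check against the fixed versions listed in this advisory, as an added example that is not part of the original advisory or Mozilla's own tooling. The hostnames and `--version` style strings are constructed sample data, the function names are hypothetical, and the versions under the patch listing are assumed to be the first patched builds on each branch.

```python
import re

# Fixed versions from the patch listing of this advisory.
# "main" is the longer CVE list; "second" is CVE-2026-4688, -4695 and -4697.
FIXED = {
    "firefox": {"main": ["149", "115.34", "140.9"], "second": ["149", "140.9"]},
    "thunderbird": {"main": ["149", "140.9"], "second": ["149", "140.9"]},
}

def parse_version(text):
    """Return a 3-part numeric tuple from text such as 'Mozilla Firefox 140.8.0esr'."""
    match = re.search(r"\d+(?:\.\d+)*", text)
    if match is None:
        raise ValueError(f"no version number in {text!r}")
    parts = [int(p) for p in match.group(0).split(".")][:3]
    return tuple(parts + [0] * (3 - len(parts)))

def required_update(product, installed_text, group="main"):
    """Return the fixed version string to move to, or None if already patched."""
    installed = parse_version(installed_text)
    fixed = sorted(FIXED[product][group], key=parse_version)
    # A fix on the installed major branch (e.g. ESR 115.x or 140.x) decides directly.
    for version in fixed:
        if parse_version(version)[0] == installed[0]:
            return None if installed >= parse_version(version) else version
    # Assumption: with no fix on this branch, target the lowest listed fix above it.
    for version in fixed:
        if parse_version(version) > installed:
            return version
    return None

def audit(inventory):
    report = {}
    for host, product, text in inventory:
        needs = {g: required_update(product, text, g) for g in FIXED[product]}
        report[host] = {g: v for g, v in needs.items() if v is not None}
    return report

# Constructed sample inventory; the version strings imitate `--version` output.
SAMPLE = [
    ("ws-01", "firefox", "Mozilla Firefox 148.0.2"),
    ("ws-02", "firefox", "Mozilla Firefox 115.33.0esr"),
    ("ws-03", "firefox", "Mozilla Firefox 140.9.0esr"),
    ("mail-01", "thunderbird", "Mozilla Thunderbird 140.8.1esr"),
]

if __name__ == "__main__":
    for host, todo in audit(SAMPLE).items():
        print(host, todo or "patched")
```

A host on the ESR 115 branch is reported separately for the second CVE group because the advisory lists no 115.x fix for those three CVEs.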
References
[1] Mozilla Foundation Security Advisory 2026-20
https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/
[2] Mozilla Foundation Security Advisory 2026-21
https://www.mozilla.org/en-US/security/advisories/mfsa2026-21/
[3] Mozilla Foundation Security Advisory 2026-22
https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/
[4] Mozilla Foundation Security Advisory 2026-23
https://www.mozilla.org/en-US/security/advisories/mfsa2026-23/
[5] Mozilla Foundation Security Advisory 2026-24
https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/