Mozilla Product Security Update Advisory
Mozilla has released a security update that addresses multiple vulnerabilities in Firefox, Firefox ESR, Thunderbird, and Firefox Focus for Android.
- CVE-2026-8945 is a sandbox escape vulnerability in Firefox and Firefox Focus for Android. a sandbox is a protection feature that limits the scope of a program’s execution.
- CVE-2026-8946 is an improper boundary condition vulnerability in Web Codes in Audio/Video.
- CVE-2026-8947 is a post-release use vulnerability in DOM: Bindings (WEBIDL). a use-after-free is an error that reuses memory that has already been freed.
- CVE-2026-8948 is a Same Source Policy Bypass vulnerability in DOM: Networking.
- CVE-2026-8973 is a memory safety vulnerability in Firefox.
- CVE-2026-8975 is a memory safety vulnerability in Firefox ESR and Firefox.
affected Versions are as follows
- CVE-2026-8945: Firefox 151 and earlier.
- CVE-2026-8946, CVE-2026-8947, CVE-2026-8975: Firefox before 151, Firefox ESR before 115.36, Firefox ESR before 140.11, Thunderbird before 151, Thunderbird before 140.11.
- CVE-2026-8948, CVE-2026-8973: Firefox before 151, Thunderbird before 151.
vulnerability Patches have been made available in the latest updates, and users of the affected products should update to the latest version as indicated.