Mozilla Product Security Update Advisory

Mozilla Product Security Update Advisory

Overview

Mozilla has released a security update that addresses several vulnerabilities found in Firefox, Firefox ESR, and Thunderbird. Users of these products should update to the latest version.

Affected Products and Vulnerabilities

  • CVE-2026-8388, CVE-2026-8391.
    • Firefox 150.0.2 And earlier.
    • Firefox ESR 115.35 And earlier.
    • Firefox ESR 140.10 And earlier.
    • Thunderbird 140.10 Or earlier.
  • CVE-2026-12298.
    • Firefox versions below 152.
    • Firefox ESR 140.11 Or earlier.
    • Thunderbird 140.11 Or earlier.
    • Thunderbird earlier than 152.
  • CVE-2026-12299.
    • Firefox earlier than 152.
    • Firefox ESR 115.36 Or earlier.
    • Firefox ESR 140.11 Or earlier.
    • Thunderbird 140.11 Or earlier.
    • Thunderbird versions prior to 152.
  • CVE-2026-12329.
    • Firefox ESR 140.11 Or earlier.
    • Thunderbird 140.11 Or earlier.
  • CVE-2026-14241.
    • Firefox 152.0.3.

Types of Vulnerabilities Resolved

  • JavaScript Engine: Boundary condition vulnerability in the JIT (Just-In-Time, dynamic compilation for performance improvement) component (CVE-2026-8388).
  • Other security vulnerabilities in the JavaScript Engine component (CVE-2026-8391).
  • Memory safety vulnerability in Firefox, Firefox ESR, and Thunderbird (CVE-2026-12298).
  • JIT decompilation vulnerability in the DOM: Core & HTML components (CVE-2026-12299).
  • Memory safety vulnerability in Firefox ESR and Thunderbird (CVE-2026-12329).
  • Memory safety vulnerability in Firefox (CVE-2026-14241).

Patch Versions

  • CVE-2026-8388, CVE-2026-8391.
    • Firefox 150.0.3.
    • Firefox ESR 115.36.
    • Firefox ESR 140.11.
    • Thunderbird 140.11.
  • CVE-2026-12298.
    • Firefox 152.
    • Firefox ESR 140.12.
    • Thunderbird 140.12.
    • Thunderbird 152.
  • CVE-2026-12299.
    • Firefox 152.
    • Firefox ESR 115.37.
    • Firefox ESR 140.12.
    • Thunderbird 140.12.
    • Thunderbird 152.
  • CVE-2026-12329.
    • Firefox ESR 140.12.
    • Thunderbird 140.12.
  • CVE-2026-14241.
    • Firefox 152.0.4.

Note

Mozilla has advised users to update to the latest version with Vulnerability Patches, as outlined on the reference site.