Mozilla Product Security Update Advisory
Overview
Mozilla has released a security update that addresses several vulnerabilities found in Firefox, Firefox ESR, and Thunderbird. Users of these products should update to the latest version.
Affected Products and Vulnerabilities
- CVE-2026-8388, CVE-2026-8391.
- Firefox 150.0.2 And earlier.
- Firefox ESR 115.35 And earlier.
- Firefox ESR 140.10 And earlier.
- Thunderbird 140.10 Or earlier.
- CVE-2026-12298.
- Firefox versions below 152.
- Firefox ESR 140.11 Or earlier.
- Thunderbird 140.11 Or earlier.
- Thunderbird earlier than 152.
- CVE-2026-12299.
- Firefox earlier than 152.
- Firefox ESR 115.36 Or earlier.
- Firefox ESR 140.11 Or earlier.
- Thunderbird 140.11 Or earlier.
- Thunderbird versions prior to 152.
- CVE-2026-12329.
- Firefox ESR 140.11 Or earlier.
- Thunderbird 140.11 Or earlier.
- CVE-2026-14241.
- Firefox 152.0.3.
Types of Vulnerabilities Resolved
- JavaScript Engine: Boundary condition vulnerability in the JIT (Just-In-Time, dynamic compilation for performance improvement) component (CVE-2026-8388).
- Other security vulnerabilities in the JavaScript Engine component (CVE-2026-8391).
- Memory safety vulnerability in Firefox, Firefox ESR, and Thunderbird (CVE-2026-12298).
- JIT decompilation vulnerability in the DOM: Core & HTML components (CVE-2026-12299).
- Memory safety vulnerability in Firefox ESR and Thunderbird (CVE-2026-12329).
- Memory safety vulnerability in Firefox (CVE-2026-14241).
Patch Versions
- CVE-2026-8388, CVE-2026-8391.
- Firefox 150.0.3.
- Firefox ESR 115.36.
- Firefox ESR 140.11.
- Thunderbird 140.11.
- CVE-2026-12298.
- Firefox 152.
- Firefox ESR 140.12.
- Thunderbird 140.12.
- Thunderbird 152.
- CVE-2026-12299.
- Firefox 152.
- Firefox ESR 115.37.
- Firefox ESR 140.12.
- Thunderbird 140.12.
- Thunderbird 152.
- CVE-2026-12329.
- Firefox ESR 140.12.
- Thunderbird 140.12.
- CVE-2026-14241.
- Firefox 152.0.4.
Note
Mozilla has advised users to update to the latest version with Vulnerability Patches, as outlined on the reference site.