Critical Vulnerabilities in Firefox and Thunderbird Require Immediate Patching

Critical Vulnerabilities in Firefox and Thunderbird Require Immediate Patching

First seen 25 Mar 2026, 13:47 UTC FeedlyCybersecuritynews 76% similarity 79.5

Article Content

Browse articles
ThreatCluster

Multiple critical vulnerabilities have been identified in Firefox and Thunderbird, specifically CVE-2026-4720, CVE-2026-4710, and CVE-2026-4705, all published on March 24, 2026. These vulnerabilities involve memory safety issues and out-of-bounds writes that can be exploited remotely without user interaction, leading to complete system compromise. Affected versions include Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird ESR < 140.9. The vulnerabilities have been assigned a CVSS score of 9.8, indicating a critical risk to confidentiality, integrity, and availability. Patches have been released, and users are urged to update to Firefox 149 or later and Thunderbird 149 or later immediately. There is currently no evidence of public proof-of-concept or active exploitation. Security advisories have been issued by Mozilla and other organizations. Organizations should prioritize patching as a critical remediation task.

Key Points: • Three critical vulnerabilities (CVE-2026-4720, CVE-2026-4710, CVE-2026-4705) affect Firefox and Thunderbird. • Exploitation can occur remotely without user interaction, posing significant risks. • Patches are available; immediate updates to Firefox 149 and Thunderbird 149 are essential.

ThreatCluster AI

Timeline

2026-03-24
CVE-2026-4705 published
2026-03-24
CVE-2026-4710 published
2026-03-24
CVE-2026-4720 published
2026-03-24
Firefox 149 released with patches for vulnerabilities
2026-03-25
Security advisories issued by Mozilla and others

Community

Browse all →