Critical Vulnerabilities in Firefox and Thunderbird Require Immediate Patching
Severity: High (Score: 79.5)
Sources: Cybersecuritynews, Feedly
Summary
Multiple critical vulnerabilities have been identified in Firefox and Thunderbird, specifically CVE-2026-4720, CVE-2026-4710, and CVE-2026-4705, all published on March 24, 2026. These vulnerabilities involve memory safety issues and out-of-bounds writes that can be exploited remotely without user interaction, leading to complete system compromise. Affected versions include Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird ESR < 140.9. The vulnerabilities have been assigned a CVSS score of 9.8, indicating a critical risk to confidentiality, integrity, and availability. Patches have been released, and users are urged to update to Firefox 149 or later and Thunderbird 149 or later immediately. There is currently no evidence of public proof-of-concept or active exploitation. Security advisories have been issued by Mozilla and other organizations. Organizations should prioritize patching as a critical remediation task.
Key Points:
- Three critical vulnerabilities (CVE-2026-4720, CVE-2026-4710, CVE-2026-4705) affect Firefox and Thunderbird.
- Exploitation can occur remotely without user interaction, posing significant risks.
- Patches are available; immediate updates to Firefox 149 and Thunderbird 149 are essential.
Key Entities
- Zero-day Exploit (attack_type)
- CVE-2026-4705 (cve)
- CVE-2026-4710 (cve)
- CVE-2026-4720 (cve)
- Firefox (platform)
- Firefox ESR (platform)
- Linux (platform)
- Mozilla Firefox (platform)
- RedHat (platform)
- OpenSUSE (company)