PatchSiren cyber security CVE debrief
CVE-2026-5732 Mozilla CVE debrief
CVE-2026-5732 is a high-severity vulnerability affecting Mozilla Firefox and Thunderbird. The vulnerability is caused by incorrect boundary conditions and integer overflow in the Graphics: Text component. This vulnerability was fixed in Firefox 149.0.2, Firefox ESR 140.9.1, Thunderbird 149.0.2, and Thunderbird 140.9.1. The CVSS score for this vulnerability is 8.8, indicating a high level of severity. Users of affected products should update to the latest versions as soon as possible.
- Vendor: Mozilla
- Product: Firefox
- CVSS: HIGH 8.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-04-07
- Original CVE updated: 2026-06-30
- Advisory published: 2026-04-07
- Advisory updated: 2026-06-30
Who should care
Users of Mozilla Firefox, Firefox ESR, Thunderbird, and Thunderbird ESR should be aware of this vulnerability and take steps to protect themselves. This includes updating to the latest versions of the software. Additionally, organizations using these products should ensure that their systems are up to date and consider implementing additional security measures to protect against potential attacks.
Technical summary
CVE-2026-5732 is a high-severity vulnerability in the Graphics: Text component of Mozilla Firefox and Thunderbird, caused by incorrect boundary conditions and an integer overflow (classified as CWE-190). Attackers can potentially exploit it to execute arbitrary code on affected systems. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H: the flaw is reachable over the network with low attack complexity and no privileges, requires user interaction, and has high impact on confidentiality, integrity, and availability.
Defensive priority
High
Recommended defensive actions
- Update to Firefox 149.0.2 or later
- Update to Firefox ESR 140.9.1 or later
- Update to Thunderbird 149.0.2 or later
- Update to Thunderbird 140.9.1 or later
- Implement additional security measures to protect against potential attacks
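An added example, not taken from the advisory or from Mozilla: a train-aware version check for an endpoint inventory, using the fixed versions listed above. The function names and the sample inventory are constructed for illustration. It assumes a build whose major version is 140 is on the ESR train, and that every other train, including older ESR majors, needs the release fix.

```python
import re

# Fixed versions as listed on this page, keyed by release train.
FIXED = {
    "firefox": {"release": (149, 0, 2), "esr": (140, 9, 1)},
    "thunderbird": {"release": (149, 0, 2), "esr": (140, 9, 1)},
}
_VERSION = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:esr)?$", re.IGNORECASE)


def parse_version(text):
    """Turn '140.9.1esr' or '145.0' into a comparable (major, minor, patch) tuple."""
    match = _VERSION.match(text.strip())
    if match is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part or 0) for part in match.groups())


def is_patched(product, version_text):
    """True if the build is at or past the fix for its own release train."""
    fixed = FIXED[product.strip().lower()]
    version = parse_version(version_text)
    # Assumption: a build whose major matches the fixed ESR major is on the
    # ESR train, even when the inventory tool dropped the 'esr' suffix.
    if version[0] == fixed["esr"][0]:
        return version >= fixed["esr"]
    # Every other train, older ESR majors included, needs the release fix.
    return version >= fixed["release"]


def triage(inventory):
    """Return (host, product, version, status) for every row needing attention."""
    findings = []
    for host, product, version in inventory:
        try:
            if not is_patched(product, version):
                findings.append((host, product, version, "update required"))
        except (KeyError, ValueError):
            findings.append((host, product, version, "check manually"))
    return findings


# Constructed sample inventory (hostnames and builds are made up).
SAMPLE_INVENTORY = [
    ("ws-01", "Firefox", "149.0.2"),
    ("ws-02", "Firefox", "145.0"),
    ("ws-03", "Firefox", "140.9.0esr"),
    ("ws-04", "Thunderbird", "140.9.1"),
    ("ws-05", "Firefox", "150.0b3"),
]
```

A single comparison against 140.9.1 would report the 145.0 build on ws-02 as fixed; comparing each build against the fix for its own train avoids that.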
Evidence notes
The CVE-2026-5732 vulnerability was publicly disclosed on April 7, 2026, and the record was last modified on June 30, 2026. The vulnerability affects multiple products, including Mozilla Firefox and Thunderbird. The CVSS score for this vulnerability is 8.8, indicating a high level of severity.
Official resources
- CVE-2026-5732 CVE record (CVE.org)
- CVE-2026-5732 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference: Issue Tracking, Permissions Required
- Mitigation or vendor reference: Vendor Advisory
- Source reference: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
This article was generated with AI assistance and is based on the supplied source corpus.