PatchSiren cyber security CVE debrief

CVE-2026-5732 Mozilla CVE debrief

CVE-2026-5732 is a high-severity vulnerability affecting Mozilla Firefox and Thunderbird. The vulnerability is caused by incorrect boundary conditions and integer overflow in the Graphics: Text component. This vulnerability was fixed in Firefox 149.0.2, Firefox ESR 140.9.1, Thunderbird 149.0.2, and Thunderbird 140.9.1. The CVSS score for this vulnerability is 8.8, indicating a high level of severity. Users of affected products should update to the latest versions as soon as possible.

Vendor: Mozilla
Product: Firefox
CVSS: HIGH 8.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-04-07
Original CVE updated: 2026-06-30
Advisory published: 2026-04-07
Advisory updated: 2026-06-30

Who should care

Users of Mozilla Firefox, Firefox ESR, Thunderbird, and Thunderbird ESR should be aware of this vulnerability and take steps to protect themselves. This includes updating to the latest versions of the software. Additionally, organizations using these products should ensure that their systems are up to date and consider implementing additional security measures to protect against potential attacks.

Technical summary

CVE-2026-5732 stems from incorrect boundary conditions and an integer overflow (CWE-190) in the Graphics: Text component of Mozilla Firefox and Thunderbird. Attackers can exploit it to potentially execute arbitrary code on affected systems. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H: the flaw is reachable over the network with low attack complexity and no privileges, requires user interaction, and carries high impact on confidentiality, integrity, and availability.

Defensive priority

High

Recommended defensive actions

  • Update to Firefox 149.0.2 or later
  • Update to Firefox ESR 140.9.1 or later
  • Update to Thunderbird 149.0.2 or later
  • Update to Thunderbird 140.9.1 or later
  • Implement additional security measures to protect against potential attacks
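
To verify the update actions above across a fleet, the following added example (not part of the original advisory) compares reported version banners against the fixed versions listed on this page. The host names and banner strings are constructed sample data, and treating any 140.x build as the ESR branch is an assumption.

```python
import re

# Fixed versions as listed on this page, keyed by (product, branch).
FIXED = {
    ("firefox", "release"): (149, 0, 2),
    ("firefox", "esr"): (140, 9, 1),
    ("thunderbird", "release"): (149, 0, 2),
    ("thunderbird", "esr"): (140, 9, 1),
}
ESR_MAJOR = 140  # assumption: any 140.x build is on the ESR branch

_BANNER_RE = re.compile(
    r"(firefox|thunderbird)\D*?(\d+)\.(\d+)(?:\.(\d+))?(esr)?", re.I)

def parse(banner):
    """Return (product, branch, (major, minor, patch)) or None if unparsable."""
    m = _BANNER_RE.search(banner)
    if not m:
        return None
    version = (int(m.group(2)), int(m.group(3)), int(m.group(4) or 0))
    branch = "esr" if m.group(5) or version[0] == ESR_MAJOR else "release"
    return m.group(1).lower(), branch, version

def status(banner):
    """'fixed' if at or above the page's fixed version, else 'update'."""
    parsed = parse(banner)
    if parsed is None:
        return "unknown"
    product, branch, version = parsed
    # Tuple comparison is numeric, so 140.10.0 correctly sorts above 140.9.1.
    return "fixed" if version >= FIXED[(product, branch)] else "update"

def audit(inventory):
    return {host: status(banner) for host, banner in inventory.items()}

# Constructed inventory: host name -> version banner collected from the host.
SAMPLE_INVENTORY = {
    "ws-01": "Mozilla Firefox 149.0.2",
    "ws-02": "Mozilla Firefox 149.0.1",
    "ws-03": "Mozilla Firefox 140.9.0esr",
    "ws-04": "Mozilla Firefox 140.10.0esr",
    "mail-01": "Mozilla Thunderbird 140.9.1",
    "mail-02": "Mozilla Thunderbird 148.0",
    "kiosk-01": "chromium 120.0",
}

if __name__ == "__main__":
    for host, result in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {result}")
```

Hosts reported as "update" are below every fixed version the page lists for their branch; "unknown" means the banner was not a Firefox or Thunderbird version string.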

Evidence notes

CVE-2026-5732 was publicly disclosed on April 7, 2026, and the record was modified on June 30, 2026. The vulnerability affects multiple products, including Mozilla Firefox and Thunderbird. Its CVSS score is 8.8, indicating a high level of severity.

This article was generated with AI assistance and is based on the supplied source corpus.