PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-5733 Mozilla CVE debrief

CVE-2026-5733 is a HIGH-severity vulnerability in Mozilla Firefox and Thunderbird, caused by incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 149.0.2 and Thunderbird 149.0.2. The vulnerability has a CVSS score of 8.8 and is considered HIGH severity. The CVE record was published on 2026-04-07T13:16:47.567Z and last modified on 2026-06-30T03:21:09.290Z.

Vendor
Mozilla
Product
Firefox
CVSS
HIGH 8.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-04-07
Original CVE updated
2026-06-30
Advisory published
2026-04-07
Advisory updated
2026-06-30

Who should care

Users of Mozilla Firefox and Thunderbird should apply the patches to prevent exploitation of this vulnerability. The vulnerability is considered HIGH severity, with a CVSS score of 8.8. Administrators should prioritize patching to protect against potential attacks.

Technical summary

The vulnerability is caused by incorrect boundary conditions in the Graphics: WebGPU component of Mozilla Firefox and Thunderbird. This could allow an attacker to execute arbitrary code or cause a denial of service. The vulnerability is addressed in Firefox 149.0.2 and Thunderbird 149.0.2. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is classified as CWE-119 and CWE-787.

Defensive priority

High priority should be given to patching affected systems, as the vulnerability is considered HIGH severity and has a high CVSS score. Administrators should prioritize patching to protect against potential attacks.

Recommended defensive actions

  • Apply patches to affected systems
  • Ensure Firefox and Thunderbird are updated to version 149.0.2
  • Review system logs for potential exploitation attempts
  • Implement additional security measures to detect and prevent attacks
  • Monitor system performance and behavior for signs of exploitation

Evidence notes

The CVE record was published on 2026-04-07T13:16:47.567Z and last modified on 2026-06-30T03:21:09.290Z. The vulnerability is considered HIGH severity, with a CVSS score of 8.8. The vulnerability is addressed in Firefox 149.0.2 and Thunderbird 149.0.2.

Official resources

This article is AI-assisted and based on the supplied source corpus.