PatchSiren cyber security CVE debrief
CVE-2026-5733 Mozilla CVE debrief
CVE-2026-5733 is a HIGH-severity vulnerability in Mozilla Firefox and Thunderbird, caused by incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 149.0.2 and Thunderbird 149.0.2. The vulnerability has a CVSS score of 8.8 and is considered HIGH severity. The CVE record was published on 2026-04-07T13:16:47.567Z and last modified on 2026-06-30T03:21:09.290Z.
- Vendor
- Mozilla
- Product
- Firefox
- CVSS
- HIGH 8.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-04-07
- Original CVE updated
- 2026-06-30
- Advisory published
- 2026-04-07
- Advisory updated
- 2026-06-30
Who should care
Users of Mozilla Firefox and Thunderbird should apply the patches to prevent exploitation of this vulnerability. The vulnerability is considered HIGH severity, with a CVSS score of 8.8. Administrators should prioritize patching to protect against potential attacks.
Technical summary
The vulnerability is caused by incorrect boundary conditions in the Graphics: WebGPU component of Mozilla Firefox and Thunderbird. This could allow an attacker to execute arbitrary code or cause a denial of service. The vulnerability is addressed in Firefox 149.0.2 and Thunderbird 149.0.2. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is classified as CWE-119 and CWE-787.
Defensive priority
High priority should be given to patching affected systems, as the vulnerability is considered HIGH severity and has a high CVSS score. Administrators should prioritize patching to protect against potential attacks.
Recommended defensive actions
- Apply patches to affected systems
- Ensure Firefox and Thunderbird are updated to version 149.0.2
- Review system logs for potential exploitation attempts
- Implement additional security measures to detect and prevent attacks
- Monitor system performance and behavior for signs of exploitation
Evidence notes
The CVE record was published on 2026-04-07T13:16:47.567Z and last modified on 2026-06-30T03:21:09.290Z. The vulnerability is considered HIGH severity, with a CVSS score of 8.8. The vulnerability is addressed in Firefox 149.0.2 and Thunderbird 149.0.2.
Official resources
-
CVE-2026-5733 CVE record
CVE.org
-
CVE-2026-5733 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
[email protected] - Issue Tracking, Permissions Required
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
- Source reference
-
Source reference
0b0ca135-0b70-47e7-9f44-1890c2a1c46c
-
Source reference
0b0ca135-0b70-47e7-9f44-1890c2a1c46c
-
Source reference
0b0ca135-0b70-47e7-9f44-1890c2a1c46c
This article is AI-assisted and based on the supplied source corpus.