Mozilla Firefox and Thunderbird Multiple Vulnerabilities
Summary
CERT-Bund has issued a security advisory regarding multiple vulnerabilities in Mozilla Firefox and Mozilla Thunderbird. These vulnerabilities, with a CVSS base score of 8.8, could allow remote attackers to execute arbitrary code, cause denial of service, or disclose information. Affected versions include Firefox <149, Firefox ESR <115.34 and <140.9, and Thunderbird <149 and ESR <140.9.
What changed
CERT-Bund has released security advisory WID-SEC-2026-0850 detailing critical vulnerabilities affecting Mozilla Firefox and Mozilla Thunderbird. The advisory highlights a CVSS base score of 8.8, indicating a high severity. Remote, anonymous attackers can exploit these flaws to achieve various malicious outcomes, including arbitrary code execution, denial of service, information disclosure, security mechanism bypass, user deception, and other unspecified impacts. The affected products include specific versions of Firefox, Firefox ESR, Thunderbird, and Thunderbird ESR, impacting users across multiple operating systems such as Android, iOS, Linux, macOS, UNIX, and Windows.
Users and organizations utilizing the affected versions of Mozilla Firefox and Thunderbird are strongly advised to update their software immediately to the patched versions. While the advisory indicates mitigation is available, prompt patching is the most effective defense against these threats. Failure to update could expose systems to significant security risks, including data breaches and system compromise. This advisory applies to both individual consumers and organizations deploying these browsers and email clients.
What to do next
- Update Mozilla Firefox to version 149 or later.
- Update Mozilla Firefox ESR to version 115.34 or 140.9 or later.
- Update Mozilla Thunderbird to version 149 or later.
- Update Mozilla Thunderbird ESR to version 140.9 or later.
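One way to check a software inventory against the fixed versions listed above, as an added example that is not part of the CERT-Bund advisory or of any Mozilla tooling. The product labels, the CSV layout and the sample hosts are constructed. It assumes each ESR threshold applies to its own major-version branch, and that a build on a branch with no listed fix is compared with the highest fixed version.

```python
import re

# Fixed versions from advisory WID-SEC-2026-0850; keys are hypothetical inventory labels.
FIXED = {
    "firefox": [(149,)],
    "firefox-esr": [(115, 34), (140, 9)],
    "thunderbird": [(149,)],
    "thunderbird-esr": [(140, 9)],
}

def parse_version(text):
    """Turn '140.8.1esr' into (140, 8, 1); trailing non-numeric text is ignored."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(p) for p in m.group().split("."))

def is_affected(product, version):
    """True if the version is below the fix that applies to its branch."""
    v = parse_version(version)
    # Assumption: each ESR threshold belongs to its own major-version branch.
    # A build on a branch with no listed fix is compared with the highest fix.
    same_branch = [f for f in FIXED[product] if f[0] == v[0]]
    threshold = same_branch[0] if same_branch else max(FIXED[product])
    width = max(len(v), len(threshold))
    pad = lambda t: t + (0,) * (width - len(t))
    return pad(v) < pad(threshold)

def affected_hosts(inventory_csv):
    """Return (host, product, version) rows that still need the update."""
    hits = []
    for line in inventory_csv.strip().splitlines():
        host, product, version = (f.strip() for f in line.split(","))
        if product in FIXED and is_affected(product, version):
            hits.append((host, product, version))
    return hits

# Constructed sample inventory: host, product, installed version.
SAMPLE = """
ws-01, firefox, 148.0.2
ws-02, firefox, 149.0
ws-03, firefox-esr, 115.33.1esr
ws-04, firefox-esr, 115.34.0esr
ws-05, firefox-esr, 128.14.0esr
ws-06, thunderbird-esr, 140.8.1esr
"""

if __name__ == "__main__":
    print(*affected_hosts(SAMPLE), sep="\n")
```

A plain "less than 140.9" comparison would wrongly flag a patched ESR 115.34 build, which is why the check picks the threshold by branch first.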
Archived snapshot
Mar 25, 2026. GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.
[WID-SEC-2026-0850] Mozilla Firefox and Mozilla Thunderbird: Multiple vulnerabilities
- CVSS Base Score: 8.8 (high)
- CVSS Temporal Score: 7.7 (high)
- Remote attack: yes
- Date: 24.03.2026
- Last updated: 25.03.2026
- Mitigation: yes
Affected systems
Operating system
- Android
- iPhoneOS
- Linux
- MacOS X
- UNIX
- Windows
Product description
Firefox is an open source web browser.
Thunderbird is an open source e-mail client.
Products
24.03.2026
- Mozilla Firefox <149
- Mozilla Firefox ESR <115.34
- Mozilla Firefox ESR <140.9
- Mozilla Thunderbird <149
- Mozilla Thunderbird ESR <140.9
Attack
A remote, anonymous attacker can exploit multiple vulnerabilities in Mozilla Firefox and Mozilla Thunderbird to execute arbitrary code, cause a denial of service, disclose information, bypass security mechanisms, deceive the user, and achieve other unspecified effects.
About this page
Source document text, dates, docket IDs, and authority are extracted directly from CERT-Bund.
The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.