Mozilla Firefox, Thunderbird Vulnerabilities (CVSS 8.8)

Source: CERT-Bund Security Advisories (wid.cert-bund.de)
Published February 16th, 2026
Detected March 13th, 2026
Summary

CERT-Bund has issued an advisory regarding multiple vulnerabilities in Mozilla Firefox, Firefox ESR, and Thunderbird, with a CVSS Base Score of 8.8. The advisory has been updated multiple times to include specific product versions and affected operating systems.

What changed

This advisory (WID-SEC-2026-0427) from CERT-Bund details multiple high-severity vulnerabilities (CVSS Base Score 8.8) affecting Mozilla Firefox, Firefox ESR, and Thunderbird. The vulnerabilities allow remote attackers to display incorrect information or cause unspecified impacts. The advisory lists specific affected versions of the software, including those for iOS, and various Linux distributions such as Amazon Linux 2, Oracle Linux, Red Hat Enterprise Linux, SUSE Linux, Debian Linux, Ubuntu Linux, and SUSE openSUSE, as well as Windows and UNIX operating systems.

Organizations utilizing affected versions of Firefox or Thunderbird must update their software to the patched versions as soon as possible to mitigate the risk of exploitation. The advisory indicates that mitigation is possible, but specific details are not provided. Given the high CVSS score and the potential for remote attacks, immediate patching is recommended to prevent unauthorized access or data compromise. Failure to update could lead to system compromise and potential data breaches.

What to do next

  1. Update Mozilla Firefox, Firefox ESR, and Thunderbird to the latest patched versions.
  2. Review system logs for any signs of exploitation related to these vulnerabilities.

Source document (simplified)

[WID-SEC-2026-0427] Mozilla Firefox, Firefox ESR and Thunderbird: Multiple vulnerabilities

  • CVSS Base Score: 8.8 (high)
  • CVSS Temporal Score: 7.7 (high)
  • Remote attack: yes
  • Date: 16.02.2026
  • Status: UPDATE 13.03.2026
  • Mitigation: yes

Affected systems

Operating system

  • Linux
  • Other
  • UNIX
  • Windows

Product description

Firefox is an open source web browser.
ESR is the variant with extended support.
Thunderbird is an open source e-mail client.

Products

UPDATE 05.03.2026
- Amazon Linux 2
UPDATE 26.02.2026
- Oracle Linux

  • RESF Rocky Linux UPDATE 25.02.2026
  • Red Hat Enterprise Linux UPDATE 24.02.2026
  • SUSE Linux UPDATE 19.02.2026
  • Debian Linux

  • Ubuntu Linux

  • SUSE openSUSE
    16.02.2026

  • Mozilla Firefox ios <147.2.1

  • Mozilla Firefox <147.0.4

  • Mozilla Firefox ESR <115.32.1

  • Mozilla Firefox ESR <140.7.1

  • Mozilla Thunderbird <140.7.2

  • Mozilla Thunderbird <147.0.2

Attack

A remote, anonymous attacker can exploit multiple vulnerabilities in Mozilla Firefox, Mozilla Firefox ESR and Mozilla Thunderbird to display false information or cause unspecified effects.

Source

Analysis generated by AI. Source diff and links are from the original.

Classification

Agency
Various
Published
February 16th, 2026
Instrument
Notice
Legal weight
Non-binding
Stage
Final
Change scope
Substantive

Who this affects

Applies to
Technology companies
Geographic scope
INT

Taxonomy

Primary area
Cybersecurity
Operational domain
IT Security
Topics
Software Vulnerabilities, Product Security
