The French CERT announced that multiple vulnerabilities were discovered in Mozilla products, allowing attackers to execute arbitrary code remotely. Affected versions include Firefox ESR before 115.34.1, Firefox ESR before 140.9.1, Firefox before 149.0.2, Thunderbird ESR before 140.9.1, and Thunderbird before 149.0.2. The vulnerabilities are listed as CVE-2026-5731 through CVE-2026-5735. The alert references Mozilla security bulletins mfsa2026-25 to mfsa2026-29 issued on 7 April 2026. Users are urged to apply patches from the Mozilla security advisories. No further details are provided. The alert specifies that the vulnerabilities could allow remote code execution and an unspecified security issue. The affected software includes older ESR and non-ESR releases of Firefox and Thunderbird. The CERT advises users to consult the Mozilla security bulletins for detailed patch information and to update promptly. The notice was released on 8 April 2026.
Summary of content from
Made by AI. If you spot anything of concern write us at contact@cybach.com. We’ll promptly correct irregularities.