CVE-2026-5732
Awaiting Analysis Awaiting Analysis - Queue
Integer Overflow in Firefox Graphics Text Component Causes Crash

Publication date: 2026-04-07

Last updated on: 2026-04-13

Assigner: Mozilla Corporation

Description
Incorrect boundary conditions, integer overflow in the Graphics: Text component. This vulnerability was fixed in Firefox 149.0.2, Firefox ESR 140.9.1, Thunderbird 149.0.2, and Thunderbird 140.9.1.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-07
Last Modified
2026-04-13
Generated
2026-06-16
AI Q&A
2026-04-07
EPSS Evaluated
2026-06-15
NVD
CVE-2026-5732
EUVD
EUVD-2026-19611
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
mozilla firefox to 149.0.2 (exc)
mozilla firefox to 140.9.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-190 The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

To mitigate this vulnerability, you should update your Firefox browser to version 149.0.2 or later, or Firefox ESR to version 140.9.1 or later.

These updates include fixes that address the incorrect boundary conditions and integer overflow in the Graphics: Text component, preventing potential memory corruption and related security issues.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Impact Analysis

This vulnerability could lead to memory corruption, which attackers might exploit to cause crashes or execute arbitrary code on your system.

Exploitation of this flaw could compromise the security and stability of your Firefox browser, potentially allowing attackers to run malicious code or disrupt normal operation.

Executive Summary

CVE-2026-5732 is a high-impact security vulnerability found in the Graphics: Text component of Firefox and Firefox ESR. It involves incorrect boundary conditions and an integer overflow, which means that the software does not properly check limits or handle integer values correctly when processing text graphics.

This flaw can lead to memory corruption or other security issues because the text rendering subsystem mishandles boundary checks and integer values, potentially causing unexpected behavior or crashes.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-5732. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart