CVE-2026-5732
Integer Overflow in Firefox Graphics Text Component Causes Crash
Publication date: 2026-04-07
Last updated on: 2026-04-13
Assigner: Mozilla Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mozilla | firefox | to 149.0.2 (exc) |
| mozilla | firefox | to 140.9.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-190 | The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number. |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should update your Firefox browser to version 149.0.2 or later, or Firefox ESR to version 140.9.1 or later.
These updates include fixes that address the incorrect boundary conditions and integer overflow in the Graphics: Text component, preventing potential memory corruption and related security issues.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
How can this vulnerability impact me? :
This vulnerability could lead to memory corruption, which attackers might exploit to cause crashes or execute arbitrary code on your system.
Exploitation of this flaw could compromise the security and stability of your Firefox browser, potentially allowing attackers to run malicious code or disrupt normal operation.
Can you explain this vulnerability to me?
CVE-2026-5732 is a high-impact security vulnerability found in the Graphics: Text component of Firefox and Firefox ESR. It involves incorrect boundary conditions and an integer overflow, which means that the software does not properly check limits or handle integer values correctly when processing text graphics.
This flaw can lead to memory corruption or other security issues because the text rendering subsystem mishandles boundary checks and integer values, potentially causing unexpected behavior or crashes.