CVE-2026-7323
Received Received - Intake
Memory Corruption in Firefox and Thunderbird Enables Code Execution

Publication date: 2026-04-28

Last updated on: 2026-04-30

Assigner: Mozilla Corporation

Description
Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, Thunderbird 150.0.1, and Thunderbird 140.10.1.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-28
Last Modified
2026-04-30
Generated
2026-05-06
AI Q&A
2026-04-28
EPSS Evaluated
2026-05-05
NVD
CVE-2026-7323
EUVD
EUVD-2026-26060
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
mozilla firefox to 150.0.1 (exc)
mozilla thunderbird to 150.0.1 (exc)
mozilla firefox to 140.10.1 (exc)
mozilla thunderbird to 140.10.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability involves memory safety bugs found in specific versions of Firefox and Thunderbird, including Firefox ESR 140.10.0, Thunderbird ESR 140.10.0, Firefox 150.0.0, and Thunderbird 150.0.0.

Some of these bugs showed evidence of memory corruption, which means that the software could access or modify memory in unintended ways.

It is presumed that with enough effort, some of these bugs could have been exploited by attackers to run arbitrary code on affected systems.

The issue was fixed in Firefox 150.0.1 and Firefox ESR 140.10.1.


How can this vulnerability impact me? :

This vulnerability can potentially allow attackers to execute arbitrary code on your system if you are using the affected versions of Firefox or Thunderbird.

Exploitation of memory corruption bugs can lead to unauthorized control over your device, which may result in data theft, system compromise, or further malware installation.

Updating to the fixed versions (Firefox 150.0.1 and Firefox ESR 140.10.1) is recommended to mitigate this risk.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, update Firefox and Thunderbird to the fixed versions: Firefox 150.0.1 and Firefox ESR 140.10.1.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart