CVE-2026-15718
Received Received - Intake

Heap-based Buffer Overflow in Mozilla Firefox

Vulnerability report for CVE-2026-15718, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-14

Last updated on: 2026-07-14

Assigner: Mozilla Corporation

Description

We are aware that exploit code for this is public however we are not aware of any attacks in the wild abusing this flaw. This vulnerability was fixed in Firefox 152.0.6.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-14
Last Modified
2026-07-14
Generated
2026-07-14
AI Q&A
2026-07-14
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
mozilla firefox 152.0.6

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-763 The product attempts to return a memory resource to the system, but it calls the wrong release function or calls the appropriate release function incorrectly.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-15718 is a security vulnerability in Mozilla Firefox version 152.0.6. It involves an invalid pointer in the JavaScript: WebAssembly component. This flaw can be exploited by attackers, and public exploit code is available, though no active exploitation in the wild has been detected.

The vulnerability was reported by Christian Holler and is tracked under Bug 2045443. It was fixed in Firefox 152.0.6.

Detection Guidance

Detection of CVE-2026-15718 on your network or system primarily involves verifying the installed version of Firefox. This vulnerability affects Firefox versions prior to 152.0.6.

  • Check the Firefox version on a system by opening Firefox and navigating to 'Help' > 'About Firefox'. The version number will be displayed.
  • On Linux systems, you can run the command: firefox --version or check the package manager, e.g., dpkg -l | grep firefox or rpm -qa | grep firefox.
  • On Windows systems, you can check the installed version via 'Control Panel' > 'Programs and Features' or by running wmic product where name='Mozilla Firefox' get version in Command Prompt.

Since this vulnerability involves WebAssembly, monitoring for unusual WebAssembly-related activity or crashes in Firefox logs may indicate exploitation attempts, though this is not a definitive detection method.

Mitigation Strategies

The immediate step to mitigate CVE-2026-15718 is to upgrade Firefox to version 152.0.6 or later, as the vulnerability was fixed in this release.

  • Download and install the latest version of Firefox from the official Mozilla website: https://www.mozilla.org/firefox.
  • If automatic updates are enabled, ensure Firefox is updated by restarting the browser and checking the version as described in the detection steps.
  • For enterprise environments, deploy the updated version of Firefox across all systems using centralized management tools or scripts.

If upgrading is not immediately possible, consider disabling WebAssembly in Firefox as a temporary workaround, though this may impact functionality of websites relying on WebAssembly.

Impact Analysis

This vulnerability can impact you if you are using an affected version of Mozilla Firefox (prior to 152.0.6).

  • An attacker could exploit this flaw to access sensitive information on your system, as indicated by the CVSS score (Confidentiality impact: Low).
  • While no active exploitation has been detected, the availability of public exploit code increases the risk of potential attacks.

To mitigate the risk, you should update to Firefox 152.0.6 or later.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-15718. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart