CVE-2026-5734 - Vulnerability Analysis
CriticalCVSS: 9.8Last Updated: April 7, 2026
Mozilla Firefox - Remote Code Execution
Published: April 7, 2026Updated: April 7, 2026Remote Exploitable
Overview
Mozilla Firefox ESR < 140.9.1 and Firefox < 149.0.2 contain memory safety bugs caused by memory corruption, letting attackers potentially execute arbitrary code, exploit requires successful memory corruption.
Severity & Score
Severity: Critical
CVSS Score: 9.8
Impact
Attackers can exploit memory corruption to execute arbitrary code, potentially leading to full system compromise.
Mitigation
Update to Firefox ESR 140.9.1 and Firefox 149.0.2 or later.
References
- https://www.mozilla.org/security/advisories/mfsa2026-25/
- https://www.mozilla.org/security/advisories/mfsa2026-27/
- https://www.mozilla.org/security/advisories/mfsa2026-28/
- https://www.mozilla.org/security/advisories/mfsa2026-29/
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=2022369%2C2023026%2C2023545%2C2023555%2C2023958%2C2025422%2C2025468%2C2025492%2C2025505
Related Resources
Details
- CVE ID
- CVE-2026-5734
- Severity
- Critical
- CVSS Score
- 9.8
- Type
- undefined
- Status
- modified
CWE
- CWE-787
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H