Memory corruption in Firefox <149.0.2 & ESR <140.9.1
CVE-2026-5734 Published on April 7, 2026

Memory safety bugs fixed in Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2
Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 149.0.2 and Firefox ESR < 140.9.1.

NVD

Products Associated with CVE-2026-5734

stack.watch emails you whenever new vulnerabilities are published in Mozilla Firefox or Mozilla FireFox Extended Support Release (ESR). Just hit a watch button to start following.

Mozilla Firefox

Mozilla FireFox Extended Support Release (ESR)

Affected Versions

Mozilla Firefox:

Version unspecified and below 149.0.2 is affected.

Mozilla Firefox ESR:

Version unspecified and below 140.9.1 is affected.

Memory corruption in Firefox <149.0.2 & ESR <140.9.1CVE-2026-5734 Published on April 7, 2026

Products Associated with CVE-2026-5734

Affected Versions

Memory corruption in Firefox <149.0.2 & ESR <140.9.1
CVE-2026-5734 Published on April 7, 2026