CVE-2026-8975

Mozilla · Firefox ESR

Multiple memory safety vulnerabilities exist in Mozilla Firefox ESR 115 that could allow for arbitrary code execution.

Executive summary

A series of critical memory safety vulnerabilities in Mozilla Firefox ESR 115 poses a significant risk of arbitrary code execution if a user is enticed to visit a malicious webpage.

Vulnerability

The software contains various memory safety bugs that, if triggered, could allow an unauthenticated, remote attacker to corrupt memory and execute arbitrary code. These vulnerabilities typically require user interaction, such as navigating to a specially crafted website.

Business impact

Successful exploitation of these memory safety flaws could lead to a full compromise of the user's workstation, including the theft of sensitive session data, credentials, or the installation of malicious software. With a CVSS score of 8.8, these vulnerabilities are categorized as High/Critical, representing a significant threat to organizational integrity and data confidentiality.

Remediation

Immediate Action: Update all instances of Mozilla Firefox ESR to the latest version provided by the vendor.

Proactive Monitoring: Monitor workstation traffic for connections to unknown or suspicious domains and review endpoint security logs for anomalous process behavior.

Compensating Controls: Deploy browser-based security policies to restrict the execution of scripts or active content from untrusted origins.

Exploitation status

Public Exploit Available: false

Analyst recommendation

The severity of memory safety vulnerabilities in browser software necessitates an immediate patching cycle. Organizations should prioritize updating all deployments of Firefox ESR to the latest version to mitigate the risk of remote code execution.