Multiple critical vulnerabilities were identified in Mozilla Firefox and Firefox ESR, with the most severe enabling arbitrary code execution. Affected versions include Firefox prior to 146, Firefox ESR prior to 115.31, and Firefox ESR prior to 140.6. The vulnerabilities include use-after-free in WebRTC (CVE-2025-14321), sandbox escape in Graphics (CVE-2025-14322), privilege escalation in the DOM (CVE-2025-14323), JIT miscompilation in the JavaScript Engine (CVE-2025-14324, CVE-2025-14325), and multiple memory safety bugs. Exploitation could allow attackers to install programs, modify or delete data, or create new accounts with full user rights, depending on the privileges of the compromised user. There are currently no reports of these vulnerabilities being exploited in the wild.
Security advisories from both the Canadian Centre for Cyber Security and the Multi-State Information Sharing and Analysis Center (MS-ISAC) urge users and administrators to apply the latest updates immediately to mitigate risk. The advisories highlight the importance of prompt patching, especially for large organizations and government entities, as the risk is assessed as high for these sectors. The updates address all known vulnerabilities, and users with fewer system privileges are less impacted than those with administrative rights.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
3 events from the most recent confirmed update back to the earliest known activity.
Rocky Linux issued product errata RLSA-2026:5932 covering Mozilla security updates, reflecting downstream distribution of fixes for affected Mozilla software in Rocky Linux. This represents vendor-specific availability of patched packages after Mozilla's original advisories.
Mozilla released updates for affected Mozilla products, with reporting noting Firefox, Firefox ESR, and Thunderbird versions as impacted. The advisories recommended immediate patching and stated that no exploitation in the wild had been reported at the time.
Mozilla published security advisories addressing multiple vulnerabilities in Firefox and Firefox ESR, including issues that could lead to arbitrary code execution. The affected versions were Firefox prior to 146, Firefox ESR prior to 115.31, and Firefox ESR prior to 140.6.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
8 references tracked. Mallory keeps watching after this page renders.
errata.rockylinux.org
Open sourceerrata.rockylinux.org
Open sourceerrata.rockylinux.org
Open sourceerrata.rockylinux.org
Open sourceerrata.rockylinux.org
Open sourcecisecurity.org
Open sourcecyber.gc.ca
Open sourceerrata.rockylinux.org
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.