Mozilla has released Firefox 150 with fixes for 41 security vulnerabilities, many of which are considered high risk. These flaws could allow attackers to run malicious code on a user’s system without permission. Because Firefox is widely used for everyday browsing, work, and online transactions, these issues could impact a large number of users if left unpatched.
Most of the vulnerabilities are related to memory handling problems, which are often targeted by attackers because they can be used to take control of systems or crash applications. This is why Mozilla is strongly recommending users update their browsers immediately.
Key High-Risk Vulnerabilities
Some of the most dangerous issues involve use-after-free bugs found in important components like the DOM and WebRTC. These vulnerabilities occur when the browser continues to use memory that has already been released. Attackers can exploit this behavior to inject and execute harmful code, potentially gaining control over the affected system.
In addition to these, there are several other high-severity flaws. These include uninitialized memory issues in audio and video processing, which can lead to unexpected behavior or data leaks. There are also vulnerabilities in graphics components that could expose sensitive information, along with privilege escalation bugs that may allow attackers to gain higher-level access within the system.
Interestingly, researchers used advanced AI tools such as Claude to help identify some of these complex issues. This shows how AI is increasingly playing a role in both finding and preventing security vulnerabilities.
Wide Range of Security Fixes
Firefox 150 addresses vulnerabilities across multiple levels of severity. High-severity issues mainly focus on memory corruption and the risk of remote code execution, which are the most dangerous types of attacks. Moderate vulnerabilities include security bypass techniques, data exposure risks, and permission-related weaknesses that could be abused in certain scenarios.
Lower-severity issues, while less critical, still impact overall stability and security. These include denial-of-service problems that could crash the browser, as well as smaller bugs that may affect performance or reliability.
By fixing a wide range of issues at once, Mozilla has strengthened the overall security of the browser and reduced the chances of both targeted and large-scale attacks.
Why Updating Is Important
Even though many of these vulnerabilities may seem technical, they can have serious real-world consequences. Modern browsers store and process sensitive information such as login credentials, financial details, and personal data. If attackers exploit these flaws, they could steal information, monitor activity, or gain deeper access to systems.
Updating to the latest version ensures these security gaps are closed. Regular updates are one of the most effective ways to protect against evolving cyber threats and keep your browsing environment safe.
CVE ID
Vulnerability Description
Impact
CVE-2026-6746
Use-after-free in the DOM: Core & HTML component
High
CVE-2026-6747
Use-after-free in the WebRTC component
High
CVE-2026-6748
Uninitialized memory in the Audio/Video: Web Codecs component
High
CVE-2026-6749
Information disclosure due to uninitialized memory in Graphics: Canvas2D
High
CVE-2026-6750
Privilege escalation in the Graphics: WebRender component
High
CVE-2026-6751
Uninitialized memory in the Audio/Video: Web Codecs component
High
CVE-2026-6752
Incorrect boundary conditions in the WebRTC component
High
CVE-2026-6753
Incorrect boundary conditions in the WebRTC component
High
CVE-2026-6754
Use-after-free in the JavaScript Engine component
High
CVE-2026-6755
Mitigation bypass in the DOM: postMessage component
Moderate
CVE-2026-6756
Mitigation bypass in Firefox for Android
Moderate
CVE-2026-6757
Invalid pointer in the JavaScript: WebAssembly component
Moderate
CVE-2026-6758
Use-after-free in the JavaScript: WebAssembly component
Moderate
CVE-2026-6759
Use-after-free in the Widget: Cocoa component
Moderate
CVE-2026-6760
Mitigation bypass in the Networking: Cookies component
Moderate
CVE-2026-6761
Privilege escalation in the Networking component
Moderate
CVE-2026-6762
Spoofing issue in the DOM: Core & HTML component
Moderate
CVE-2026-6763
Mitigation bypass in the File Handling component
Moderate
CVE-2026-6764
Incorrect boundary conditions in the DOM: Device Interfaces component
Moderate
CVE-2026-6765
Information disclosure in the Form Autofill component
Moderate
CVE-2026-6766
Incorrect boundary conditions in the Libraries component in NSS
Moderate
CVE-2026-6767
Other issue in the Libraries component in NSS
Moderate
CVE-2026-6768
Mitigation bypass in the Networking: Cookies component
Moderate
CVE-2026-6769
Privilege escalation in the Debugger component
Moderate
CVE-2026-6770
Other issue in the Storage: IndexedDB component
Moderate
CVE-2026-6771
Mitigation bypass in the DOM: Security component
Moderate
CVE-2026-6772
Incorrect boundary conditions in the Libraries component in NSS
Moderate
CVE-2026-6773
Denial-of-service due to integer overflow in Graphics: WebGPU
Low
CVE-2026-6774
Mitigation bypass in the DOM: Security component
Low
CVE-2026-6775
Incorrect boundary conditions in the WebRTC component
Low
CVE-2026-6776
Incorrect boundary conditions in the WebRTC: Networking component
Low
CVE-2026-6777
Other issue in the Networking: DNS component
Low
CVE-2026-6778
Invalid pointer in the Audio/Video: Playback component
Low
CVE-2026-6779
Other issue in the JavaScript Engine component
Low
CVE-2026-6780
Denial-of-service in the Audio/Video: Playback component
Low
CVE-2026-6781
Denial-of-service in the Audio/Video: Playback component
Low
CVE-2026-6782
Information disclosure in the IP Protection component
Low
CVE-2026-6783
Incorrect boundary conditions/integer overflow in Audio/Video: Playback
Low
CVE-2026-6784
Memory safety bugs fixed in Firefox 150 and Thunderbird 150
High
CVE-2026-6785
Memory safety bugs fixed in ESR 115.35, ESR 140.10, and Firefox 150
High
CVE-2026-6786
Memory safety bugs fixed in ESR 140.10 and Firefox 150
FHN 
