Mozilla Firefox Zero-day Vulnerabilities Exploited in Attacks (CVE-2026-15718 & CVE-2026-15719)

Mozilla released a security update to address two vulnerabilities impacting the Firefox browser, tracked as CVE-2026-15718 & CVE-2026-15719. Mozilla mentioned in the advisory that they are aware that exploit code for this is public; however, they are unaware of any attacks in the wild abusing this flaw.

CVE-2026-15718

This is an invalid pointer vulnerability exists in the JavaScript WebAssembly component of Firefox.

CVE-2026-15719

This is a site isolation flaw in the DOM navigation component of Firefox.

Affected Versions

The vulnerabilities affect the Mozilla Firefox versions prior to 152.0.6.

Mitigation

Users must upgrade to Firefox version 152.0.6 to patch the vulnerabilities.

For more information, please refer to the Mozilla Security Advisory (MFSA2026-67).

Qualys Detection

Qualys customers can scan their devices with QID 387870 to detect vulnerable assets.

Please continue to follow Qualys Threat Protection for more coverage on the latest vulnerabilities.

References
https://www.mozilla.org/en-US/security/advisories/mfsa2026-67/