Mozilla Firefox Zero-day Vulnerabilities Exploited in Attacks (CVE-2026-15718 & CVE-2026-15719)
Mozilla released a security update to address two vulnerabilities impacting the Firefox browser, tracked as CVE-2026-15718 & CVE-2026-15719. Mozilla mentioned in the advisory that they are aware that exploit code for this is public; however, they are unaware of any attacks in the wild abusing this flaw.
CVE-2026-15718
This is an invalid pointer vulnerability exists in the JavaScript WebAssembly component of Firefox.
CVE-2026-15719
This is a site isolation flaw in the DOM navigation component of Firefox.
Affected Versions
The vulnerabilities affect the Mozilla Firefox versions prior to 152.0.6.
Mitigation
Users must upgrade to Firefox version 152.0.6 to patch the vulnerabilities.
For more information, please refer to the Mozilla Security Advisory (MFSA2026-67).
Qualys Detection
Qualys customers can scan their devices with QID 387870 to detect vulnerable assets.
Please continue to follow Qualys Threat Protection for more coverage on the latest vulnerabilities.
References
https://www.mozilla.org/en-US/security/advisories/mfsa2026-67/

Comments are closed.