Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution

Multiple memory-safety, use-after-free, privilege-escalation, and information-disclosure vulnerabilities (a large set of CVEs, e.g., CVE-2026-6746 through CVE-2026-6786 and others) were disclosed in Mozilla Firefox and Thunderbird (including ESR releases). The most severe flaws could permit arbitrary code execution, enabling attackers to install programs, access or modify data, or create accounts with elevated rights; users are advised to apply the fixes in the listed versions (Firefox 150, Thunderbird 150, and the noted ESR releases) to mitigate these issues.