Description
Memory safety bugs present in Firefox 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1.
Published: 2026-04-28
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Apply patch
AI Analysis

Impact

Memory safety bugs were identified in Firefox 150.0.0 that caused memory corruption. The evidence suggests that with sufficient effort these bugs could be exploited to execute arbitrary code. The issue was addressed in Firefox 150.0.1.

Affected Systems

Mozilla Firefox version 150.0.0 is affected; the fix is in Firefox 150.0.1.

Risk and Exploitability

Exploit probability data (EPSS) is not currently available and the vulnerability is not listed in the CISA KEV catalog. The CVSS score of 7.3 indicates high severity, and the memory corruption bugs that can lead to arbitrary code execution suggest that a skilled attacker could pose a high risk if access to the affected application can be obtained.

Generated by OpenCVE AI on April 29, 2026 at 01:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Mozilla Firefox to version 150.0.1 or later
  • Check Mozilla security advisories and vendor website for any additional guidance or future updates
  • Review and restrict Firefox extensions to those from trusted sources to reduce risk of indirect exploitation

Generated by OpenCVE AI on April 29, 2026 at 01:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 28 Apr 2026 22:15:00 +0000

Type Values Removed Values Added
Description Memory safety bugs present in Firefox 150.0.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1. Memory safety bugs present in Firefox 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1.
Title Memory safety bugs fixed in Firefox 150.0.1 and Thunderbird 150.0.1 Memory safety bugs fixed in Firefox 150.0.1

Tue, 28 Apr 2026 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla
Mozilla firefox
Mozilla thunderbird
Weaknesses CWE-119
Vendors & Products Mozilla
Mozilla firefox
Mozilla thunderbird
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 28 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
Description Memory safety bugs present in Firefox 150.0.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1.
Title Memory safety bugs fixed in Firefox 150.0.1 and Thunderbird 150.0.1
References

Subscriptions

Mozilla Firefox Thunderbird
cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2026-04-28T18:36:54.809Z

Reserved: 2026-04-28T13:42:18.908Z

Link: CVE-2026-7324

cve-icon Vulnrichment

Updated: 2026-04-28T15:26:49.257Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-28T15:16:37.950

Modified: 2026-04-28T22:16:52.493

Link: CVE-2026-7324

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-29T01:30:06Z

Weaknesses