CVE-2026-7322
high
CVSS v3
7.3
CVSS v4 NEW
โ
VIR risk
7.3
Description
Important: firefox security update
Predictions
Exploit likelihood
82%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| rhel | 9 | fixed | |
| debian | sid | fixed | 150.0.1-1 |
| debian | bookworm | fixed | 140.10.1esr-1~deb12u1 |
| debian | bullseye | fixed | 140.10.1esr-1~deb11u1 |
| debian | forky | fixed | 140.10.1esr-1 |
| debian | trixie | fixed | 140.10.1esr-1~deb13u1 |
| almalinux | 9 | fixed | thunderbird-140.10.1-1.el9_8.alma.1.x86_64.rpm |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| mozilla | firefox | {"endExcluding":"115.35.1"} | 115.35.1 |
| mozilla | thunderbird | {"endExcluding":"140.10.1"} | 140.10.1 |
| mozilla | firefox | {"endExcluding":"115.35.1"} | 115.35.1 |
| mozilla | thunderbird | {"endExcluding":"140.10.1"} | 140.10.1 |
References
- https://access.redhat.com/errata/RHSA-2026:19348
- https://access.redhat.com/errata/RHSA-2026:19370
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=2021904%2C2022731%2C2027158%2C2027733%2C2027973%2C2027976%2C2028231%2C2028731%2C2028886%2C2029067%2C2029700%2C2029724%2C2029806%2C2029814%2C2030108%2C2030111%2C2031524%2C2031921%2C2032040
- https://www.mozilla.org/security/advisories/mfsa2026-35/
- https://www.mozilla.org/security/advisories/mfsa2026-36/
- https://www.mozilla.org/security/advisories/mfsa2026-37/
- https://www.mozilla.org/security/advisories/mfsa2026-38/
- https://www.mozilla.org/security/advisories/mfsa2026-39/
- https://security-tracker.debian.org/tracker/CVE-2026-7322
- https://bugzilla.redhat.com/2460074
- https://bugzilla.redhat.com/2460075
- https://bugzilla.redhat.com/2460076
- https://bugzilla.redhat.com/2460078
- https://bugzilla.redhat.com/2460079
- https://bugzilla.redhat.com/2460085
- https://bugzilla.redhat.com/2460086
- https://bugzilla.redhat.com/2460088
- https://bugzilla.redhat.com/2460092
- https://bugzilla.redhat.com/2460094
- https://bugzilla.redhat.com/2460095
- https://bugzilla.redhat.com/2460096
- https://bugzilla.redhat.com/2460097
- https://bugzilla.redhat.com/2460099
- https://bugzilla.redhat.com/2460101
- https://bugzilla.redhat.com/2460102
CWEs
CWE-119 CWE-416
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.