Mozilla Foundation Security Advisory 2026-67

Security Vulnerabilities fixed in Firefox 152.0.6

Announced
July 14, 2026
Impact
critical
Products
Firefox
Fixed in
  • Firefox 152.0.6

#CVE-2026-15718: Invalid pointer in the JavaScript: WebAssembly component

Reporter
Christian Holler
Impact
critical
Description

We are aware that exploit code for this is public however we are not aware of any attacks in the wild abusing this flaw.

References

#CVE-2026-15719: Site isolation in the DOM: Navigation component

Reporter
Atsushi Sada
Impact
critical
Description

We are aware that exploit code for this is public however we are not aware of any attacks in the wild abusing this flaw.

References