Vulnerability in Mozilla Firefox
CVE-2026-5732
Incorrect boundary conditions, integer overflow in the Graphics: Text component. This vulnerability was fixed in Firefox 149.0.2, Firefox ESR 140.9.1, Thunderbird 149.0.2, and Thunderbird 140.9.1.
EPSS: 0.000 (14.5th percentile) — read the EPSS interpretation.
Affected products
- Mozilla Firefox — versions 140.9.1, 149.0.2
- Mozilla Thunderbird — versions 140.9.1, 149.0.2