Vulnerability-Lookup

WID-SEC-W-2026-0427

Vulnerability from csaf_certbund - Published: 2026-02-16 23:00 - Updated: 2026-03-08 23:00

Summary

Mozilla Firefox, Firefox ESR und Thunderbird: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Firefox ist ein Open Source Web Browser. ESR ist die Variante mit verlängertem Support. Thunderbird ist ein Open Source E-Mail Client.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Mozilla Firefox, Mozilla Firefox ESR und Mozilla Thunderbird ausnutzen, um falsche Informationen darzustellen oder nicht näher spezifizierte Auswirkungen zu verursachen

Betroffene Betriebssysteme: - Linux - Sonstiges - UNIX - Windows

CVE-2026-2032

CVE-2026-2447

References

URL

Category

	https://wid.cert-bund.de/.well-known/csaf/white/2…	self
	https://wid.cert-bund.de/portal/wid/securityadvis…	self
	https://www.mozilla.org/en-US/security/advisories…	external
	https://www.mozilla.org/en-US/security/advisories…	external
	https://www.mozilla.org/en-US/security/advisories…	external
	https://lists.debian.org/debian-security-announce…	external
	https://ubuntu.com/security/notices/USN-8053-1	external
	https://lists.opensuse.org/archives/list/security…	external
	https://lists.opensuse.org/archives/list/security…	external
	https://lists.debian.org/debian-lts-announce/2026…	external
	https://lists.suse.com/pipermail/sle-security-upd…	external
	https://lists.suse.com/pipermail/sle-security-upd…	external
	https://access.redhat.com/errata/RHSA-2026:3338	external
	https://access.redhat.com/errata/RHSA-2026:3361	external
	http://linux.oracle.com/errata/ELSA-2026-3338.html	external
	http://linux.oracle.com/errata/ELSA-2026-3339.html	external
	https://linux.oracle.com/errata/ELSA-2026-3361.html	external
	https://errata.build.resf.org/RLSA-2026:3361	external
	https://errata.build.resf.org/RLSA-2026:3339	external
	https://errata.build.resf.org/RLSA-2026:3338	external
	https://lists.suse.com/pipermail/sle-security-upd…	external
	https://errata.build.resf.org/RLSA-2026:3517	external
	https://alas.aws.amazon.com/AL2/ALAS2-2026-3190.html	external
	https://alas.aws.amazon.com/AL2/ALAS2FIREFOX-2026…	external
	https://lists.suse.com/pipermail/sle-security-upd…	external
	https://access.redhat.com/errata/RHSA-2026:3967	external
	https://access.redhat.com/errata/RHSA-2026:3978	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Firefox ist ein Open Source Web Browser. \r\nESR ist die Variante mit verl\u00e4ngertem Support.\r\nThunderbird ist ein Open Source E-Mail Client.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Mozilla Firefox, Mozilla Firefox ESR und Mozilla Thunderbird ausnutzen, um falsche Informationen darzustellen oder nicht n\u00e4her spezifizierte Auswirkungen zu verursachen",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-0427 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0427.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-0427 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0427"
      },
      {
        "category": "external",
        "summary": "Mozilla Security Advisory vom 2026-02-16",
        "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-09/"
      },
      {
        "category": "external",
        "summary": "Mozilla Security Advisory vom 2026-02-16",
        "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-10/"
      },
      {
        "category": "external",
        "summary": "Mozilla Security Advisory vom 2026-02-16",
        "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-11/"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-6143 vom 2026-02-19",
        "url": "https://lists.debian.org/debian-security-announce/2026/msg00052.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-8053-1 vom 2026-02-19",
        "url": "https://ubuntu.com/security/notices/USN-8053-1"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:10218-1 vom 2026-02-19",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MMSYOCXCDROVZUUKNWXZTMOTNREXXVCT/"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:10225-1 vom 2026-02-20",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GA3UFXPVPB6QUCFX5G6PZ2I63KN7DPF6/"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-4489 vom 2026-02-22",
        "url": "https://lists.debian.org/debian-lts-announce/2026/02/msg00028.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:0602-1 vom 2026-02-24",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024374.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:0611-1 vom 2026-02-25",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024386.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3338 vom 2026-02-25",
        "url": "https://access.redhat.com/errata/RHSA-2026:3338"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3361 vom 2026-02-25",
        "url": "https://access.redhat.com/errata/RHSA-2026:3361"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-3338 vom 2026-02-27",
        "url": "http://linux.oracle.com/errata/ELSA-2026-3338.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-3339 vom 2026-02-27",
        "url": "http://linux.oracle.com/errata/ELSA-2026-3339.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-3361 vom 2026-02-26",
        "url": "https://linux.oracle.com/errata/ELSA-2026-3361.html"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:3361 vom 2026-02-26",
        "url": "https://errata.build.resf.org/RLSA-2026:3361"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:3339 vom 2026-02-26",
        "url": "https://errata.build.resf.org/RLSA-2026:3339"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:3338 vom 2026-02-26",
        "url": "https://errata.build.resf.org/RLSA-2026:3338"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:0692-1 vom 2026-02-28",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024503.html"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:3517 vom 2026-03-05",
        "url": "https://errata.build.resf.org/RLSA-2026:3517"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2026-3190 vom 2026-03-06",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2-2026-3190.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2FIREFOX-2026-053 vom 2026-03-06",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2FIREFOX-2026-053.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:20582-1 vom 2026-03-05",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024621.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3967 vom 2026-03-09",
        "url": "https://access.redhat.com/errata/RHSA-2026:3967"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3978 vom 2026-03-09",
        "url": "https://access.redhat.com/errata/RHSA-2026:3978"
      }
    ],
    "source_lang": "en-US",
    "title": "Mozilla Firefox, Firefox ESR und Thunderbird: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-03-08T23:00:00.000+00:00",
      "generator": {
        "date": "2026-03-09T08:11:49.824+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2026-0427",
      "initial_release_date": "2026-02-16T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-02-16T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-02-19T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Debian, Ubuntu und openSUSE aufgenommen"
        },
        {
          "date": "2026-02-22T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von openSUSE und Debian aufgenommen"
        },
        {
          "date": "2026-02-24T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2026-02-25T23:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-02-26T23:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Oracle Linux und Rocky Enterprise Software Foundation aufgenommen"
        },
        {
          "date": "2026-03-01T23:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2026-03-04T23:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
        },
        {
          "date": "2026-03-05T23:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Amazon und SUSE aufgenommen"
        },
        {
          "date": "2026-03-08T23:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von Red Hat aufgenommen"
        }
      ],
      "status": "final",
      "version": "10"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "ios \u003c147.2.1",
                "product": {
                  "name": "Mozilla Firefox ios \u003c147.2.1",
                  "product_id": "T050937"
                }
              },
              {
                "category": "product_version",
                "name": "ios 147.2.1",
                "product": {
                  "name": "Mozilla Firefox ios 147.2.1",
                  "product_id": "T050937-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:mozilla:firefox:ios__147.2.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c147.0.4",
                "product": {
                  "name": "Mozilla Firefox \u003c147.0.4",
                  "product_id": "T050938"
                }
              },
              {
                "category": "product_version",
                "name": "147.0.4",
                "product": {
                  "name": "Mozilla Firefox 147.0.4",
                  "product_id": "T050938-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:mozilla:firefox:147.0.4"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Firefox"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c115.32.1",
                "product": {
                  "name": "Mozilla Firefox ESR \u003c115.32.1",
                  "product_id": "T050939"
                }
              },
              {
                "category": "product_version",
                "name": "115.32.1",
                "product": {
                  "name": "Mozilla Firefox ESR 115.32.1",
                  "product_id": "T050939-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:mozilla:firefox_esr:115.32.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c140.7.1",
                "product": {
                  "name": "Mozilla Firefox ESR \u003c140.7.1",
                  "product_id": "T050940"
                }
              },
              {
                "category": "product_version",
                "name": "140.7.1",
                "product": {
                  "name": "Mozilla Firefox ESR 140.7.1",
                  "product_id": "T050940-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:mozilla:firefox_esr:140.7.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Firefox ESR"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c140.7.2",
                "product": {
                  "name": "Mozilla Thunderbird \u003c140.7.2",
                  "product_id": "T050941"
                }
              },
              {
                "category": "product_version",
                "name": "140.7.2",
                "product": {
                  "name": "Mozilla Thunderbird 140.7.2",
                  "product_id": "T050941-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:mozilla:thunderbird:140.7.2"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c147.0.2",
                "product": {
                  "name": "Mozilla Thunderbird \u003c147.0.2",
                  "product_id": "T050942"
                }
              },
              {
                "category": "product_version",
                "name": "147.0.2",
                "product": {
                  "name": "Mozilla Thunderbird 147.0.2",
                  "product_id": "T050942-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:mozilla:thunderbird:147.0.2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Thunderbird"
          }
        ],
        "category": "vendor",
        "name": "Mozilla"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "RESF Rocky Linux",
            "product": {
              "name": "RESF Rocky Linux",
              "product_id": "T032255",
              "product_identification_helper": {
                "cpe": "cpe:/o:resf:rocky_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "RESF"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "SUSE openSUSE",
            "product": {
              "name": "SUSE openSUSE",
              "product_id": "T027843",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:opensuse:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-2032",
      "product_status": {
        "known_affected": [
          "T050937",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T027843",
          "398363",
          "T004914",
          "T032255"
        ]
      },
      "release_date": "2026-02-16T23:00:00.000+00:00",
      "title": "CVE-2026-2032"
    },
    {
      "cve": "CVE-2026-2447",
      "product_status": {
        "known_affected": [
          "67646",
          "T050941",
          "T050940",
          "T004914",
          "T032255",
          "T050938",
          "2951",
          "T002207",
          "T050942",
          "T000126",
          "T027843",
          "398363",
          "T050939"
        ]
      },
      "release_date": "2026-02-16T23:00:00.000+00:00",
      "title": "CVE-2026-2447"
    }
  ]
}

CVE-2026-2032 (GCVE-0-2026-2032)

Vulnerability from cvelistv5 – Published: 2026-02-16 14:13 – Updated: 2026-04-14 15:09

Title

Interrupted page loads in new tabs could allow website spoofing under trusted domains in Firefox iOS

Summary

Malicious scripts that interrupt new tab page loading could cause desynchronization between the address bar and page content, allowing the attacker to spoof arbitrary HTML under a trusted domain. This vulnerability was fixed in Firefox for iOS 147.2.1.

Severity ?

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CWE

CWE-451 - User Interface (UI) Misrepresentation of Critical Information

Assigner

mozilla

References

URL

	Vendor	Product	Version
	Mozilla	Firefox for iOS	Unaffected: 147.2.1 , ≤ * (rpm)

CVE-2026-2447 (GCVE-0-2026-2447)

Vulnerability from cvelistv5 – Published: 2026-02-16 14:13 – Updated: 2026-04-13 13:53

Title

Heap buffer overflow in libvpx

Summary

Heap buffer overflow in libvpx. This vulnerability was fixed in Firefox 147.0.4, Firefox ESR 140.7.1, Firefox ESR 115.32.1, Thunderbird 140.7.2, and Thunderbird 147.0.2.

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-122 - Heap-based Buffer Overflow

Assigner

mozilla

References

URL

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2026-0427

CVE-2026-2032 (GCVE-0-2026-2032)

CVE-2026-2447 (GCVE-0-2026-2447)

Tags

Sightings

Nomenclature