
PEACH
Un cadre d’isolation des locataires
CVE-2026-15718 is an invalid pointer vulnerability in the JavaScript/WebAssembly component of Mozilla Firefox, classified as Critical severity by Mozilla. It was discovered by Christian Holler and disclosed on July 14, 2026, as part of Mozilla Foundation Security Advisory 2026-67. All Firefox versions prior to 152.0.6 are affected. The vulnerability carries a CVSS v3.1 base score of 4.3 (Medium) per NVD scoring, though Mozilla rates its impact as Critical (Mozilla Advisory, GitHub Advisory).
The root cause is classified as CWE-763 (Release of Invalid Pointer or Reference), where the product attempts to return a memory resource to the system using an incorrect release function or calls the appropriate release function incorrectly. The flaw resides specifically in Firefox's JavaScript/WebAssembly component and is exploitable remotely over the network with no privileges required, though user interaction (e.g., visiting a malicious page) is necessary to trigger the vulnerability. The Bugzilla bug report (Bug 2045443) is access-restricted, limiting public technical detail, but Mozilla has confirmed that public exploit code exists (Mozilla Advisory, GitHub Advisory).
Successful exploitation results in a low confidentiality impact with no integrity or availability impact per the CVSS scoring, suggesting potential for limited information disclosure from the browser's memory space. However, Mozilla's own Critical severity rating indicates the vulnerability may have more severe real-world consequences than the CVSS score alone suggests, potentially enabling memory corruption or sandbox escape scenarios typical of WebAssembly engine flaws. The scope is unchanged, meaning exploitation is contained to the Firefox browser process, but sensitive data accessible within that process (e.g., session tokens, page content) could be exposed (Mozilla Advisory, GitHub Advisory).
Mozilla has released Firefox 152.0.6 to address this vulnerability, and upgrading to this version or later is the recommended remediation. No configuration-based workarounds have been published. Organizations should prioritize patching given the public availability of exploit code and Mozilla's Critical severity rating. Enterprise administrators can use Firefox's managed update mechanisms or deployment tools to push the update promptly (Mozilla Advisory).
Ivanti referenced this vulnerability in their July 2026 Patch Tuesday blog post, indicating it was noted in broader patch management discussions. No significant independent researcher commentary or notable social media reactions have been identified beyond standard vulnerability aggregator coverage.
Source: Ce rapport a été généré à l’aide de l’IA
Évaluation gratuite des vulnérabilités
Évaluez vos pratiques de sécurité cloud dans 9 domaines de sécurité pour évaluer votre niveau de risque et identifier les failles dans vos défenses.
Obtenez une démo personnalisée
"La meilleure expérience utilisateur que j’ai jamais vue, offre une visibilité totale sur les workloads cloud."
"Wiz fournit une interface unique pour voir ce qui se passe dans nos environnements cloud."
"Nous savons que si Wiz identifie quelque chose comme critique, c’est qu’il l’est réellement."