🔴 Critical  |  Source: The Hacker News


Mozilla has released emergency patches for Firefox addressing two critical vulnerabilities — CVE-2026-15718 (an invalid pointer in the WebAssembly engine) and CVE-2026-15719 (a site isolation bypass in DOM navigation) — with exploit code already publicly available. Alongside Firefox, updates for Chrome, Adobe, and VMware are also included in this patch cycle, addressing multiple critical flaws across widely deployed software. The public availability of exploit code significantly raises the risk of active exploitation in the near term.

Security Architect’s Take: Prioritise patching Firefox immediately across all managed endpoints, particularly in environments where users access cloud management consoles or sensitive internal tooling via browser — the combination of a WebAssembly memory corruption bug and a site isolation bypass could enable cross-origin data theft or code execution. Validate that endpoint management and browser fleet policies enforce the latest Firefox version within 24–48 hours, and review whether Chrome, Adobe, and VMware patches are also in scope for emergency change control.

Original advisory: Firefox, Chrome, Adobe, and VMware Updates Fix Multiple Critical Security Flaws