Security Advisory 2026-14 Fixed in Firefox ESR 115.33 Announced on February 24, 2026 Impact: High List of Vulnerabilities: - CVE-2026-2757: Incorrect boundary conditions in the WebRTC: Audio/Video component - CVE-2026-2758: Use-after-free in the JavaScript: GC component - CVE-2026-2759: Incorrect boundary conditions in the Graphics: ImageLib component - CVE-2026-2760: Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component - CVE-2026-2761: Sandbox escape in the Graphics: WebRender component - CVE-2026-2763: Use-after-free in the JavaScript Engine component - CVE-2026-2764: JIT miscompilation, use-after-free in the JavaScript Engine: JIT component - CVE-2026-2769: Use-after-free in the Storage: IndexedDB component - CVE-2026-2770: Use-after-free in the DOM: Bindings (WebIDL) component - CVE-2026-2771: Undefined behavior in the DOM: Core & HTML component - CVE-2026-2772: Use-after-free in the Audio/Video: Playback component - CVE-2026-2773: Incorrect boundary conditions in the Web Audio component - CVE-2026-2774: Integer overflow in the Audio/Video component - CVE-2026-2775: Mitigation bypass in the DOM: HTML Parser component - CVE-2026-2776: Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software - CVE-2026-2777: Privilege escalation in the Messaging System component - CVE-2026-2778: Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component - CVE-2026-2779: Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component - CVE-2026-2780: Mitigation bypass in the DOM: HTML Parser component - CVE-2026-2781: Incorrect boundary conditions in the Audio/Video: GMP component - CVE-2026-2782: Use-after-free in the Graphics: ImageLib component - CVE-2026-2793: Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148