CVE-2026-15718 PUBLISHED

Invalid pointer in the JavaScript: WebAssembly component

Assigner: mozilla
Reserved: 14.07.2026 Published: 14.07.2026 Updated: 14.07.2026

We are aware that exploit code for this is public however we are not aware of any attacks in the wild abusing this flaw. This vulnerability was fixed in Firefox 152.0.6.

Product Status

Vendor Mozilla
Product Firefox
Versions
  • unaffected from 152.0.6 to * (incl.)

Credits

  • Christian Holler

References