VulnerableCode Package Details - pkg:mozilla/Firefox%20ESR@140.7.1

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:mozilla/Firefox%20ESR@140.7.1

purl	pkg:mozilla/Firefox%20ESR@140.7.1

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-8vka-qus2-tbhj	Heap buffer overflow in libvpx. This vulnerability affects Firefox < 147.0.4, Firefox ESR < 140.7.1, Firefox ESR < 115.32.1, Thunderbird < 140.7.2, and Thunderbird < 147.0.2.	CVE-2026-2447

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T13:16:37.817919+00:00	Mozilla Importer	Fixing	VCID-8vka-qus2-tbhj	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2026/mfsa2026-10.yml	38.0.0