Firefox 149 fixed 42 vulnerabilities on March 24, 2026, including six sandbox escapes. Separately, researchers using Anthropic's Claude discovered another six bugs in three Firefox components, the first multi-CVE AI contribution to a major browser advisory. Google patched eight high-severity flaws in Chrome 146.0.7680.165. Langflow received two more RCE advisories, bringing its March total to five.
Critical
Mozilla's MFSA 2026-20 is one of the largest Firefox security advisories in recent years. Of the 42 CVEs, 18 carry a "high" impact rating from Mozilla. The rest are "moderate" or "low." Six allow sandbox escape, the most severe class of browser flaw. A successful exploit breaks out of Firefox's isolation boundary and can run code on the host system.
Researcher Sajeeb Lohani alone accounts for 15 of the 42 CVEs. Four of his findings are sandbox escapes. CVE-2026-4687 (Telemetry, incorrect boundary conditions), CVE-2026-4689 and CVE-2026-4690 (both XPCOM, integer overflow), and CVE-2026-4688 (Disability Access APIs, use-after-free) all allow sandbox escape. The remaining two escapes are CVE-2026-4692 (Responsive Design Mode, credited to Tom Ritter) and CVE-2026-4725 (Canvas2D use-after-free, found by Jun Yang).
Four additional bugs carry "high" impact. Three are use-after-frees: CVE-2026-4684 in WebRender, CVE-2026-4691 in CSS Parsing, and CVE-2026-4696 in Layout (Text and Fonts). The fourth, CVE-2026-4698, is a JIT miscompilation reported by maxpl0it through Trend Micro's Zero Day Initiative.
Two memory safety rollups close out the high-impact tier. CVE-2026-4720 covers bugs in Firefox ESR 140.8 and Thunderbird ESR 140.8. CVE-2026-4729 covers additional bugs fixed only in Firefox 149 and Thunderbird 149. Mozilla's standard advisory language applies to both: "Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code."
AI-discovered vulnerabilities
Six CVEs in MFSA 2026-20 were found using Claude from Anthropic. The group includes Nicholas Carlini (Google DeepMind), Alex Gaynor, Evyatar Ben Asher, Keane Lucas, Newton Cheng, Daniel Freeman, and Joel Weinberger. Mozilla credits them as having discovered the bugs "using Claude from Anthropic."
The six span three distinct components. CVE-2026-4702 is a JIT miscompilation in the JavaScript Engine. CVE-2026-4723 is a use-after-free in the same engine. CVE-2026-4724 is undefined behaviour in Audio/Video. CVE-2026-4704, CVE-2026-4705, and CVE-2026-4718 all target WebRTC Signaling. Five are rated "moderate," one is "low."
For comparison, Google's Big Sleep project found one SQLite buffer overflow using AI in November 2024. MFSA 2026-20 lists six AI-found bugs spanning three components in one release cycle.
AI-assisted vulnerability discovery crossed a threshold in MFSA 2026-20. Seven researchers found six browser bugs in JavaScript, Audio/Video, and WebRTC using a commercially available LLM. None required zero-day-class exploitation difficulty, but a JIT miscompilation and a use-after-free in the JavaScript engine are not trivial finds. If a defensive effort can produce this output in one cycle, an offensive one with the same model can too.
Chrome 146 update
Google released Chrome 146.0.7680.164/165 on March 24, fixing eight high-severity bugs. The most severe are three use-after-free flaws. CVE-2026-4676 (CVSS 8.8) hits Dawn, Chrome's WebGPU implementation. CVE-2026-4678 (CVSS 8.8) targets WebGPU directly. CVE-2026-4680 (CVSS 8.8) affects FedCM (Federated Credential Management).
Heap buffer overflows in WebAudio (CVE-2026-4673) and WebGL (CVE-2026-4675) round out the high-severity set. An integer overflow in Fonts (CVE-2026-4679) enables out-of-bounds memory writes. All can be triggered by visiting a crafted webpage.
Chrome's latest release follows Google's emergency fix for CVE-2026-3909 and CVE-2026-3910 two weeks ago. CISA added both to its KEV catalog. Internally discovered Chrome flaws are frequently linked to commercial spyware vendors.
Also notable
Langflow added two more RCE flaws on March 24. CVE-2026-33309 (CVSS 9.9) and CVE-2026-33475 (CVSS 9.1) join CVE-2026-33017 (CVSS 9.3), which Sysdig documented being exploited within 20 hours of disclosure on March 17. That makes five severe RCEs in one platform in a single week. The same exec() pattern persists throughout the codebase.
Zimbra Collaboration Suite 8.8.15 has a command injection in the PostJournal service. CVE-2025-71275 (CVSS 9.3) targets the same attack surface as CVE-2024-45519 (PostJournal RCE, CISA KEV) and CVE-2023-37580 (XSS, exploited by four nation-state groups). WordPress took two more hits. CVE-2026-4001 (CVSS 9.8) is RCE in WooCommerce Custom Product Addons Pro. CVE-2026-4283 (CVSS 9.1) lets unauthenticated attackers destroy accounts via WP DSGVO Tools.
March 24 produced 42 Firefox CVEs and 8 Chrome CVEs in one day. Both browsers fixed sandbox-escape-class flaws that require nothing more than a malicious webpage to trigger. A user who opened the wrong link yesterday on Firefox 148 or Chrome 146.0.7680.153 was one exploit away from host compromise.
| Product | Action | Status |
|---|---|---|
| Firefox (42 CVEs, 6 sandbox escapes) | Update to Firefox 149 | Patched |
| Firefox ESR / Thunderbird ESR | Update to ESR 140.9 | Patched |
| Chrome (8 high-severity) | Update to 146.0.7680.165 | Patched |
| Langflow (CVE-2026-33309, -33475) | Update, rotate credentials, restrict access | 3rd and 4th RCE this month |
| Zimbra 8.8.15 (CVE-2025-71275) | Patch PostJournal or restrict journaling | Same attack surface as CISA KEV entries |
| WooCommerce Addons Pro (CVE-2026-4001) | Update plugin | CVSS 9.8, RCE |
Update Firefox to 149. Update Chrome to 146.0.7680.165. Both updates close sandbox-level attack paths that a single malicious page can trigger. Langflow operators should assume the platform is compromised until a full security audit ships. Zimbra 8.8.15 administrators should patch PostJournal or restrict inbound email journaling.