The Mozilla Foundation has released Firefox 8 and Firefox 3.6.24 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, operate with escalated privileges, cause a denial-of-services condition, obtain sensitive information, or perform a cross-site scripting attack.
US-CERT encourages users and administrators to review the Mozilla Foundation Security Advisories for Firefox 8 and Firefox 3.6.24 and apply any necessary updates to help mitigate the risk.
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-3502 TrueConf Client…