If you're running Mozilla Firefox older than 152.0.4, there's a CVE-2026-14241 exploit in the wild that can hand an attacker full code execution on your machine.
CVE-2026-14241: Arbitrary Code Execution in Firefox Pre-152.0.4
CERT-FR (the French national cybersecurity agency) published advisory CERTFR-2026-AVI-0820 on July 1, 2026, confirming a vulnerability in Mozilla Firefox that allows an attacker to execute arbitrary code remotely. The flaw affects all Firefox versions prior to 152.0.4. Mozilla addressed it in security bulletin mfsa2026-62, released June 30, 2026.
Arbitrary code execution means a malicious webpage or crafted input can run any command on the victim's system with the privileges of the Firefox process. That's game-over for sandbox protections if the exploit chains with a privilege escalation. No technical details of the vulnerability's root cause are public yet, but the advisory severity is high enough that CERT-FR issued a standalone alert.
Patch Now – Details from Mozilla's MFSA2026-62
Mozilla's advisory at https://www.mozilla.org/en-US/security/advisories/mfsa2026-62/ is the primary source for the fix. Firefox 152.0.4 is the patched version. If you haven't updated, Firefox's built-in update mechanism should offer it automatically, or you can grab it from mozilla.org. ESR and other channel users should check for corresponding updates.
CVE-2026-14241 has not yet been publicly analyzed on exploit databases, but the disclosure from Mozilla and CERT-FR means reverse engineering the patch will yield a working exploit within days. Attackers will move quickly on unpatched installations.
Check your Firefox version – if it's under 152.0.4, update immediately; the exploit details will likely be public soon, and that clock is already ticking.
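The version check above, as an added example that is not from Mozilla or CERT-FR: it classifies `firefox --version` output collected from a set of machines against the 152.0.4 threshold. The host names and version strings in the sample inventory are constructed, and because the page gives no fixed version for ESR or pre-release channels, those builds are flagged for manual review against the advisory rather than compared.

```python
import re

# First fixed release, taken from the advisory text above.
FIXED = (152, 0, 4)

# Matches `firefox --version` output such as "Mozilla Firefox 152.0.3",
# "Mozilla Firefox 140.2.0esr" or "Mozilla Firefox 153.0b3".
VERSION_RE = re.compile(r"Firefox\s+(\d+(?:\.\d+){0,3})(esr|[ab]\d+)?", re.I)


def classify(version_output):
    """Return 'patched', 'vulnerable', 'check-advisory' or 'unparsed'."""
    m = VERSION_RE.search(version_output)
    if not m:
        return "unparsed"  # no usable version string: treat as unknown, not safe
    if m.group(2):
        # ESR / beta / nightly: the fixed version for these channels is not
        # stated on the page, so do not guess from the release threshold.
        return "check-advisory"
    nums = tuple(int(p) for p in m.group(1).split("."))
    nums += (0,) * (len(FIXED) - len(nums))  # "152.0" compares as 152.0.0
    return "patched" if nums >= FIXED else "vulnerable"


def needs_action(inventory):
    """Return sorted (host, status) pairs for every host not confirmed patched."""
    results = ((host, classify(out)) for host, out in inventory.items())
    return sorted((h, s) for h, s in results if s != "patched")


# Constructed sample inventory: host name -> captured `firefox --version` output.
SAMPLE_INVENTORY = {
    "ws-01": "Mozilla Firefox 152.0.4",
    "ws-02": "Mozilla Firefox 152.0.3",
    "ws-03": "Mozilla Firefox 140.2.0esr",
    "ws-04": "Mozilla Firefox 151.0",
    "ws-05": "",
}

if __name__ == "__main__":
    for host, status in needs_action(SAMPLE_INVENTORY):
        print(f"{host:8} {status:15} {SAMPLE_INVENTORY[host]!r}")
```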
Source: Vulnérabilité dans Mozilla Firefox [Vulnerability in Mozilla Firefox] (July 1, 2026)
Domain: cert.ssi.gouv.fr