Updated
Updated · The Hacker News · Jul 15
Mozilla, Google, Adobe and Broadcom Patch 107 Flaws as Firefox Exploit Code Goes Public
Updated
Updated · The Hacker News · Jul 15

Mozilla, Google, Adobe and Broadcom Patch 107 Flaws as Firefox Exploit Code Goes Public

3 articles · Updated · The Hacker News · Jul 15

Summary

  • Firefox 152.0.6 fixed two critical bugs—CVE-2026-15718 and CVE-2026-15719—after Mozilla said public exploit code exists, though it has not seen attacks in the wild.
  • Google also shipped Chrome 150.0.7871.124/.125 updates for 15 flaws, including two critical use-after-free bugs in Ozone that could let a remote attacker trigger heap corruption via a crafted HTML page.
  • Adobe released fixes for 88 vulnerabilities, with the most severe in ColdFusion reaching CVSS 9.9 and additional critical bugs patched in Commerce, Magento Open Source, Experience Manager and Illustrator.
  • Broadcom separately patched CVE-2026-47865, a CVSS 9.8 authentication-bypass flaw in VMware Avi Load Balancer that could let a network-access attacker reach the Avi Control plane.
  • None of the flaws are marked as actively exploited, but the mix of public exploit code and high-severity browser, server and enterprise software bugs raises pressure on organizations to update quickly.

Insights

As AI generates exploits in hours, is browser auto-update still fast enough to protect you from the next major attack?
When new ransomware uses legitimate browser features instead of bugs, how can users distinguish safe clicks from malicious ones?