Mozilla, Google, Adobe and Broadcom Patch 107 Flaws as Firefox Exploit Code Goes Public
Updated
Updated · The Hacker News · Jul 15
Mozilla, Google, Adobe and Broadcom Patch 107 Flaws as Firefox Exploit Code Goes Public
3 articles · Updated · The Hacker News · Jul 15
Summary
Firefox 152.0.6 fixed two critical bugs—CVE-2026-15718 and CVE-2026-15719—after Mozilla said public exploit code exists, though it has not seen attacks in the wild.
Google also shipped Chrome 150.0.7871.124/.125 updates for 15 flaws, including two critical use-after-free bugs in Ozone that could let a remote attacker trigger heap corruption via a crafted HTML page.
Adobe released fixes for 88 vulnerabilities, with the most severe in ColdFusion reaching CVSS 9.9 and additional critical bugs patched in Commerce, Magento Open Source, Experience Manager and Illustrator.
Broadcom separately patched CVE-2026-47865, a CVSS 9.8 authentication-bypass flaw in VMware Avi Load Balancer that could let a network-access attacker reach the Avi Control plane.
None of the flaws are marked as actively exploited, but the mix of public exploit code and high-severity browser, server and enterprise software bugs raises pressure on organizations to update quickly.