Mozilla fixed a total of 423 Firefox security bugs in April 2026 alone, a figure nearly 20 times higher than its monthly average of about 21 bugs throughout 2025, driven by a groundbreaking agentic AI pipeline built around Anthropic’s Claude Mythos Preview and other large language models.
The surge was triggered by Mozilla’s early access to Claude Mythos Preview, which identified 271 of the 423 vulnerabilities fixed in April.
These were primarily shipped as part of Firefox 150, released on April 21, 2026, with additional fixes flowing into Firefox 149.0.2, 150.0.1, and 150.0.2. Of the 271 bugs attributed to Claude Mythos Preview in Firefox 150, 180 were rated sec-high, 80 were sec-moderate, and 11 were sec-low, meaning most were vulnerabilities exploitable through normal user behavior, such as simply visiting a malicious webpage.
Mozilla Patches 423 Firefox 0-Day
Beyond the 271 AI-identified bugs, the remaining 152 fixes included 41 externally reported bugs and 111 found by internal methods, split roughly equally between Claude Mythos fixes shipped in other releases, bugs found with other AI models, and conventional fuzzing.
Anthropic’s own Frontier Red Team was separately credited with three standalone CVEs: CVE-2026-6746, CVE-2026-6757, and CVE-2026-6758.
Mozilla publicly disclosed 12 representative bug reports to demonstrate the depth of AI analysis.
These include a 15-year-old flaw in the
key() calls caused a hash table to free its backing store while a raw pointer remained in use.

Several bugs represent critical sandbox escape primitives, including a race condition over IPC allowing a compromised content process to manipulate IndexedDB refcounts to trigger a UAF (Bug 2021894), and a raw NaN crossing an IPC boundary masquerading as a tagged JavaScript object pointer to achieve a parent-process fake-object primitive (Bug 2022034).
One exploit even simulates a malicious DNS server by intercepting glibc function calls to trigger a buffer over-read during HTTPS record and ECH parsing (Bug 2023958).
These sandbox escape bugs are notoriously difficult to surface through traditional fuzzing techniques, making AI coverage particularly valuable for this attack surface.
Mozilla’s approach evolved from early static-analysis experiments using GPT-4 and Claude Sonnet 3.5, which produced too many false positives to be practical.
The breakthrough came with agentic harness systems that not only generate bug hypotheses but also create reproducible proof-of-concept test cases to dynamically validate them. This eliminated speculative false positives and made large-scale deployment feasible.
The pipeline was built atop Mozilla’s existing fuzzing infrastructure and parallelized across multiple ephemeral virtual machines, each assigned to hunt for vulnerabilities within a specific target file.
Mozilla integrated the full security bug lifecycle into the system: deduplication against known issues, triage, patch tracking, and release management.
Over 100 contributors worked to review, test, and ship the resulting patches, a testament to the sustained operational scale required.
Key Vulnerability Breakdown
| Bug ID | Type | Age / Severity |
|---|---|---|
| 2024437 | HTML UAF via edge case orchestration | 15-year-old bug, sec-high |
| 2025977 | XSLT reentrant key() hash table UAF | 20-year-old bug, sec-high |
| 2021894 | IPC race condition → IndexedDB UAF → sandbox escape | sec-high |
| 2022034 | NaN-as-JS-pointer IPC deserialization → sandbox escape | sec-high |
| 2026305 | rowspan=0 HTML table 16-bit bitfield overflow | sec-high, evaded fuzzers for years |
| 2029813 | RLBox in-process sandbox escape via verification gap | sec-high |
Equally notable is what the AI pipeline failed to exploit, not due to limitation, but because of effective prior hardening.
Audit logs revealed numerous AI-driven attempts to exploit prototype pollution for sandbox escapes, all blocked by Mozilla’s earlier architectural decision to freeze JavaScript prototypes by default. This provided direct, measurable validation of previously shipped defense-in-depth mitigations.
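The effect of freezing a shared prototype can be seen in a small added example, which is not Mozilla's code: the same prototype-pollution payload is merged once with the prototype left mutable and once with it frozen, and the blocked write is recorded in an audit list. The `merge` helper, the stand-in `sharedProto` object (used in place of the real `Object.prototype` so the host runtime is untouched), the payload and the audit format are all assumptions made for illustration.

```javascript
// Added illustration, not Mozilla code. A stand-in shared prototype replaces
// the real Object.prototype so the demo does not alter the host runtime.

// Constructed sink: recursive merge with no key filtering (hypothetical helper).
function merge(dst, src) {
  'use strict'; // strict mode turns a write to a frozen object into a TypeError
  for (const key of Object.keys(src)) {
    const val = src[key];
    if (val !== null && typeof val === 'object') {
      if (dst[key] === null || typeof dst[key] !== 'object') dst[key] = {};
      merge(dst[key], val);
    } else {
      dst[key] = val;
    }
  }
  return dst;
}

// Merge one untrusted payload into a fresh object graph and report the outcome.
function runAttempt(payloadJson, freezePrototypes) {
  const sharedProto = {};                       // plays the role of a built-in prototype
  if (freezePrototypes) Object.freeze(sharedProto);
  const target = Object.create(sharedProto);    // receives the untrusted data
  const bystander = Object.create(sharedProto); // unrelated object sharing the prototype
  const audit = [];                             // constructed audit log (assumed format)
  try {
    merge(target, JSON.parse(payloadJson));
  } catch (err) {
    if (!(err instanceof TypeError)) throw err;
    audit.push({ event: 'blocked-prototype-write', detail: err.message });
  }
  return { polluted: bystander.isAdmin === true, audit };
}

// Constructed payload: JSON.parse creates an own "__proto__" key, which the merge
// then follows through the __proto__ accessor to the shared prototype.
const PAYLOAD = '{"__proto__": {"isAdmin": true}}';
```

With the prototype mutable, the unrelated `bystander` object inherits the injected property; with it frozen, the write throws and leaves one audit entry, while ordinary own-property writes on `target` still succeed.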
Mozilla’s guidance is direct: any software project can begin using an agentic harness with a modern model today.
The initial prompts can be simple, essentially directing the model to find a bug in a specific code region and build a test case, with iteration improving effectiveness over time.
Mozilla plans to integrate this pipeline into its continuous integration (CI) system to scan incoming patches as they land, extending coverage from file-based to patch-based scanning.









