Mozilla Patches 423 Firefox 0-Day Vulnerabilities with Claude Mythos and Other AI Models

Mozilla has fixed a total of 423 Firefox security bugs in April 2026 alone, a figure nearly 20 times higher than its monthly average of about 21 bugs throughout 2025, driven by a groundbreaking agentic AI pipeline built around Anthropic’s Claude Mythos Preview and other large language models.

The surge was triggered by Mozilla’s early access to Claude Mythos Preview, which identified 271 of the 423 vulnerabilities fixed in April.

These were primarily shipped as part of Firefox 150, released on April 21, 2026, with additional fixes flowing into Firefox 149.0.2, 150.0.1, and 150.0.2. Of the 271 bugs attributed to Claude Mythos Preview in Firefox 150, 180 were rated sec-high, 80 were sec-moderate, and 11 were sec-low, meaning most were vulnerabilities exploitable via normal user behavior, such as simply visiting a malicious webpage.

Mozilla Patches 423 Firefox 0-Day

Beyond the 271 AI-identified bugs, the remaining 152 fixes included 41 externally reported bugs and 111 discovered through internal techniques, split roughly equally between Claude Mythos fixes shipped in other releases, bugs found with other AI models, and conventional fuzzing.

Anthropic’s own Frontier Red Team was separately credited with three standalone CVEs: CVE-2026-6746, CVE-2026-6757, and CVE-2026-6758.

Mozilla publicly disclosed 12 representative bug reports to demonstrate the depth of AI analysis.

These include a 15-year-old flaw in the <legend> HTML element (Bug 2024437), triggered by meticulous orchestration of recursion stack depths and cycle collection edge cases, and a 20-year-old use-after-free (UAF) in Firefox’s XSLT engine (Bug 2025977) where reentrant key() calls caused a hash table to free its backing store while a raw pointer remained in use.

Several bugs represent critical sandbox escape primitives, including a race condition over IPC allowing a compromised content process to manipulate IndexedDB refcounts to trigger a UAF (Bug 2021894), and a raw NaN crossing an IPC boundary masquerading as a tagged JavaScript object pointer to achieve a parent-process fake-object primitive (Bug 2022034).

One exploit even simulates a malicious DNS server by intercepting glibc function calls to trigger a buffer over-read during HTTPS Record and ECH parsing (Bug 2023958).

These sandbox escape bugs are notoriously difficult to surface via traditional fuzzing methods, making AI coverage particularly valuable for this attack surface.

Mozilla’s approach evolved from early static-analysis experiments using GPT-4 and Claude Sonnet 3.5, which produced too many false positives to be practical.

The breakthrough came with agentic harness systems that not only generate bug hypotheses but also create reproducible proof-of-concept test cases to dynamically validate them. This eliminated speculative false positives and made large-scale deployment feasible.

The pipeline was built atop Mozilla’s existing fuzzing infrastructure and parallelized across multiple ephemeral virtual machines, each assigned to hunt for vulnerabilities within a specific target file.

Mozilla integrated the full security bug lifecycle into the system: deduplication against known issues, triage, patch tracking, and release management.

Over 100 contributors worked to review, test, and ship the resulting patches, a testament to the sustained operational scale required.

Key Vulnerability Breakdown

Bug ID	Type	Age / Severity
2024437	HTML <legend> UAF via edge case orchestration	15-year-old bug, sec-high
2025977	XSLT reentrant key() hash table UAF	20-year-old bug, sec-high
2021894	IPC race condition → IndexedDB UAF → sandbox escape	sec-high
2022034	NaN-as-JS-pointer IPC deserialization → sandbox escape	sec-high
2026305	rowspan=0 HTML table 16-bit bitfield overflow	sec-high, evaded fuzzers for years
2029813	RLBox in-process sandbox escape via verification gap	sec-high

Equally notable is what the AI pipeline failed to exploit, not due to limitation, but because of effective prior hardening.

Audit logs revealed numerous AI-driven attempts to exploit prototype pollution for sandbox escapes, all blocked by Mozilla’s earlier architectural decision to freeze JavaScript prototypes by default. This provided direct, measurable validation of previously shipped defense-in-depth mitigations.

Mozilla’s guidance is direct: any software project can begin using an agentic harness with a modern model today.

The initial prompts can be simple, essentially directing the model to find a bug in a specific code region and build a test case, with iteration improving effectiveness over time.

Mozilla plans to integrate this pipeline into its continuous integration (CI) system to scan incoming patches as they land, extending coverage from file-based to patch-based scanning.

Cybercriminals now enter through your suppliers instead of your front door – Free Webinar