Firefox, Chrome, Adobe, and VMware Updates Fix Multiple Critical Security Flaws 4%

By Ravie Lakshmanan18%

7/15/2026, 1:18:00 PM

BS Summary: This article contains 18 faulty reasoning types, including Availability Heuristic, Appeal to Authority, and Pessimism Bias, with Negativity Bias as the most egregious example at 15.5% saturation with 91 hits. Analysis detected 700 faulty-reasoning hits from 588 analyzed words, generating a BS Score of 18.6% and a BS Rank of 4% (15,561 of 16,187 articles). This article is better (less manipulative) than 96.10% of the article peer group.

Mozilla has released updates to address two critical flaws in Firefox for which it warned that exploit code has been published. 
The vulnerabilities are listed below - 
CVE-2026-15718, an invalid pointer in the JavaScript: WebAssembly component 
CVE-2026-15719, a site isolation in the DOM: Navigation component 
"We are aware that exploit code for this is public, however we are not aware of any attacks in the wild abusing this flaw," Mozilla said in an advisory. 
Both vulnerabilities have been addressed in Firefox version 152.0.6. 
The release comes as Google shipped fixes for 15 security flaws, including two critical use-after-free bugs in Ozone (CVE-2026-15764 and CVE-2026-15765), a cross-platform abstraction layer that allows the browser to interact natively with various display servers and windowing systems. 
It supports Linux, ChromeOS, and Fuchsia. 
"Use after free in Ozone in Google Chrome on Linux prior to 150.0.7871.125 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page," according to a description of CVE-2026-15764 in the NIST National Vulnerability Database (NVD). 
The shortcomings have been patched in Chrome version 150.0.7871.124/.125 for Windows and Mac and 150.0.7871.124 for Linux. 
In a related development, Adobe has published security updates for 88 vulnerabilities, including multiple critical-severity bugs in ColdFusion, Commerce, Experience Manager, and Illustrator. 
Of these, eight impact Adobe ColdFusion - 
CVE-2026-48318 (CVSS score: 9.9) - A path traversal vulnerability that could lead to arbitrary code execution 
CVE-2026-48322 (CVSS score: 9.6) - A code injection vulnerability that could lead to arbitrary code execution 
CVE-2026-48284 (CVSS score: 9.6) - An improper input validation vulnerability that could lead to arbitrary code execution 
CVE-2026-48321 (CVSS score: 9.3) - An incorrect authorization vulnerability that could lead to privilege escalation 
CVE-2026-48325 (CVSS score: 9.3) - A missing authentication for a critical function vulnerability that could lead to arbitrary code execution 
CVE-2026-48319 (CVSS score: 9.1) - A path traversal vulnerability that could lead to arbitrary code execution 
CVE-2026-48324 (CVSS score: 9.1) - An SQL injection vulnerability that could lead to arbitrary code execution 
CVE-2026-48327 (CVSS score: 9.0) - An incorrect authorization vulnerability that could lead to arbitrary code execution 
The CodeFusion flaws have been remediated in versions ColdFusion 2025 Update 11 and ColdFusion 2023 Update 22. 
Also fixed by Adobe are two critical flaws each in Adobe Commerce and Magento Open Source and Adobe Experience Manager - 
CVE-2026-48356 (CVSS score: 9.6) - A file upload vulnerability in Adobe Commerce and Magento Open Source that could lead to privilege escalation 
CVE-2026-48358 (CVSS score: 9.1) - An improper encoding or escaping of output vulnerability in Adobe Commerce and Magento Open Source that could lead to arbitrary code execution 
CVE-2026-48259 (CVSS score: 9.6) - A server-side request forgery vulnerability in Adobe Experience Manager that could lead to arbitrary code execution 
CVE-2026-48359 (CVSS score: 9.6) - An improper restriction of XML external entity reference vulnerability in Adobe Experience Manager that could lead to arbitrary code execution 
Elsewhere, Broadcom has released a fix for a critical authentication bypass vulnerability in VMware Avi Load Balancer (CVE-2026-47865, CVSS score: 9.8) that a malicious user with network access can exploit to access the Avi Control plane. 
Filip Waeytens of the NATO Cyber Security Centre (NCSC) has been credited with discovering and reporting the flaw. 
Although none of the vulnerabilities have been marked as actively exploited, it's essential that organizations install the latest updates, given that threat actors are known to weaponize flaws in these products in attacks. 
Confirmation Bias
0%
Anchoring Bias
0%
Availability Heuristic
13.6%
Representativeness Heuristic
0%
Hindsight Bias
0%
Overconfidence Bias
2.9%
Framing Effect
1.9%
Loss Aversion
5.6%
Status Quo Bias
0%
Sunk Cost Effect
0%
Optimism Bias
4.4%
Pessimism Bias
10.5%
Negativity Bias
15.5%
Self-Serving Bias
0%
Fundamental Attribution Error
0%
Actor-Observer Bias
0%
In-Group Bias
0%
Out-Group Homogeneity Bias
0%
Halo Effect
3.1%
Horn Effect
0%
Dunning-Kruger Effect
0%
Recency Bias
6.6%
Primacy Effect
0%
Blind-Spot Bias
0%
Ad Hominem
0%
Straw Man
0%
Appeal to Authority
11.6%
False Dilemma
0%
Slippery Slope
0%
Circular Reasoning
0%
Hasty Generalization
8.2%
Red Herring
0%
Bandwagon
0%
Appeal to Emotion
5.6%
Begging the Question
0%
Post Hoc (False Cause)
6.6%
Tu Quoque
0%
Burden of Proof
5.6%
Appeal to Nature
0%
Composition/Division
0%
Anecdotal
0%
No True Scotsman
0%
Ambiguity (Equivocation)
4.9%
Gambler’s Fallacy
0%
Middle Ground
0%
Personal Incredulity
0%
Special Pleading
0%
Genetic Fallacy
0%
Unattributed Quote
4.9%
Quote-first Misdirection
0%
Biased Writer Voice
1.9%
Indoctrination
5.6%
Politically Left Leaning Bias
0%
Politically Right Leaning Bias
0%
Attempt to Sell a Product or Service
0%

588 words analyzed.

Analysis

Hover over highlighted words in the article to view the associated bias or fallacy analysis.