CVE-2026-41431: Mozconfig Unverified Updates Enabled

Provally Curated | Public repository | High | Medium confidence | Verified | Apache-2.0 | generic
greprules fetch cve-2026-41431-mozconfig-unverified-updates-enabled --engine opengrep

Description

The Mozilla build configuration explicitly enables unverified updates via '--enable-unverified-updates'. This allows update packages (MAR) that carry no signature to be applied without cryptographic validation, exposing users to arbitrary code execution if update channels are compromised.

Detection target

Not provided

Recommended fix

Not provided

False-positive notes

Not provided
