Mozilla
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in any Mozilla product.
RSS Feeds for Mozilla security vulnerabilities
Create a CVE RSS feed including security vulnerabilities found in Mozilla products with stack.watch. Just hit watch, then grab your custom RSS feed url.
Products by Mozilla Sorted by Most Security Vulnerabilities since 2018
Recent Mozilla Security Advisories
| Advisory | Title | Published |
|---|---|---|
| mfsa2026-19 | Security Vulnerabilities fixed in Firefox 148.0.2 mfsa2026-19 | March 10, 2026 |
| mfsa2026-18 | Security Vulnerabilities fixed in Focus for iOS 148.2 mfsa2026-18 | March 2, 2026 |
| mfsa2026-13 | Security Vulnerabilities fixed in Firefox 148 mfsa2026-13 | February 24, 2026 |
| mfsa2026-17 | Security Vulnerabilities fixed in Thunderbird 140.8 mfsa2026-17 | February 24, 2026 |
| mfsa2026-15 | Security Vulnerabilities fixed in Firefox ESR 140.8 mfsa2026-15 | February 24, 2026 |
| mfsa2026-16 | Security Vulnerabilities fixed in Thunderbird 148 mfsa2026-16 | February 24, 2026 |
| mfsa2026-14 | Security Vulnerabilities fixed in Firefox ESR 115.33 mfsa2026-14 | February 24, 2026 |
| mfsa2026-12 | Security Vulnerabilities fixed in Firefox for iOS 147.4 mfsa2026-12 | February 20, 2026 |
| mfsa2026-11 | Security Vulnerabilities fixed in Thunderbird 147.0.2 and 140.7.2 mfsa2026-11 | February 16, 2026 |
| mfsa2026-10 | Security Vulnerabilities fixed in 147.0.4, ESR 140.7.1, and ESR 115.32.1 mfsa2026-10 | February 16, 2026 |
Known Exploited Mozilla Vulnerabilities
The following Mozilla vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| Mozilla Multiple Products Remote Code Execution Vulnerability |
Mozilla Firefox, SeaMonkey, and Thunderbird contain an unspecified vulnerability when JavaScript is enabled. This allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption. CVE-2010-3765 Exploit Probability: 86.0% |
October 6, 2025 |
| Mozilla Firefox Use-After-Free Vulnerability |
Mozilla Firefox and Firefox ESR contain a use-after-free vulnerability in Animation timelines that allows for code execution in the content process. CVE-2024-9680 Exploit Probability: 30.8% |
October 15, 2024 |
| Mozilla Firefox, Firefox ESR, and Thunderbird Use-After-Free Vulnerability |
Mozilla Firefox, Firefox ESR, and Thunderbird contain a use-after-free vulnerability in SVG Animation, targeting Firefox and Tor browser users on Windows. CVE-2016-9079 Exploit Probability: 84.8% |
June 22, 2023 |
| Mozilla Firefox Security Feature Bypass Vulnerability |
Moxilla Firefox allows remote attackers to bypass the Same Origin Policy to read arbitrary files or gain privileges. CVE-2015-4495 Exploit Probability: 71.6% |
May 25, 2022 |
| Mozilla Firefox and Thunderbird Type Confusion Vulnerability |
Mozilla Firefox and Thunderbird contain a type confusion vulnerability that can occur when manipulating JavaScript objects due to issues in Array.pop, allowing for an exploitable crash. CVE-2019-11707 Exploit Probability: 84.4% |
May 23, 2022 |
| Mozilla Firefox and Thunderbird Sandbox Escape Vulnerability |
Mozilla Firefox and Thunderbird contain a sandbox escape vulnerability that could result in remote code execution. CVE-2019-11708 Exploit Probability: 68.9% |
May 23, 2022 |
| Mozilla Firefox and Thunderbird Denial-of-Service Vulnerability |
Mozilla Firefox and Thunderbird do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial-of-service or possibly execute arbitrary code via a crafted web site. CVE-2013-1690 Exploit Probability: 47.1% |
March 28, 2022 |
| Mozilla Firefox Use-After-Free Vulnerability |
Mozilla Firefox contains a use-after-free vulnerability in WebGPU IPC Framework which can be exploited to perform arbitrary code execution. CVE-2022-26486 Exploit Probability: 2.2% |
March 7, 2022 |
| Mozilla Firefox Use-After-Free Vulnerability |
Mozilla Firefox contains a use-after-free vulnerability in XSLT parameter processing which can be exploited to perform arbitrary code execution. CVE-2022-26485 Exploit Probability: 7.1% |
March 7, 2022 |
| Mozilla Firefox Information Disclosure Vulnerability |
Mozilla Firefox does not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site. CVE-2013-1675 Exploit Probability: 4.7% |
March 3, 2022 |
| Mozilla Firefox 74 and Firefox ESR 68.6 nsDocShell vulnerability |
A race condition can cause a use-after-free when running the nsDocShell destructor. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1. CVE-2020-6819 Exploit Probability: 0.3% |
November 3, 2021 |
| Mozilla Firefox 74 and Firefox ESR 68.6 ReadableStream vulnerability |
A race condition can cause a use-after-free when handling a ReadableStream. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1. CVE-2020-6820 Exploit Probability: 5.0% |
November 3, 2021 |
| Mozilla Firefox IonMonkey JIT compiler Type Confusion Vulnerability |
Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. This vulnerability affects Firefox ESR < 68.4.1, Thunderbird < 68.4.1, and Firefox < 72.0.1 CVE-2019-17026 Exploit Probability: 64.8% |
November 3, 2021 |
Of the known exploited vulnerabilities above, 3 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings. 5 known exploited Mozilla vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.
By the Year
In 2026 there have been 77 vulnerabilities in Mozilla with an average score of 8.6 out of ten. Last year, in 2025 Mozilla had 208 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Mozilla in 2026 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2026 is greater by 1.00.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 77 | 8.60 |
| 2025 | 208 | 7.61 |
| 2024 | 204 | 7.12 |
| 2023 | 202 | 7.24 |
| 2022 | 188 | 7.42 |
| 2021 | 158 | 7.12 |
| 2020 | 184 | 7.25 |
| 2019 | 152 | 7.53 |
| 2018 | 345 | 7.65 |
It may take a day or so for new Mozilla vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Mozilla Security Vulnerabilities
| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2026-3847 | Mar 10, 2026 |
Memory safety bugs in Firefox <148.0.2Memory safety bugs present in Firefox 148.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 148.0.2. |
Firefox
|
| CVE-2026-3846 | Mar 10, 2026 |
Firefox Same-origin bypass in CSS parsing <148.0.2Same-origin policy bypass in the CSS Parsing and Computation component. This vulnerability affects Firefox < 148.0.2. |
Firefox
|
| CVE-2026-3845 | Mar 10, 2026 |
Firefox Android 148 AV Playback Heap OverflowHeap buffer overflow in the Audio/Video: Playback component in Firefox for Android. This vulnerability affects Firefox < 148.0.2. |
Firefox
|
| CVE-2026-2919 | Mar 09, 2026 |
Focus iOS <148.2 UI Redirect via Malicious iframe SpoofMalicious scripts could display attacker-controlled web content under spoofed domains in Focus for iOS by stalling a _self navigation to an invalid port and triggering an iframe redirect, causing the UI to display a trusted domain without user interaction. This vulnerability affects Focus for iOS < 148.2. |
Focus
|
| CVE-2026-2807 | Feb 24, 2026 |
Memory Safety Bugs in Firefox 147 (CVE20262807)Memory safety bugs present in Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 148 and Thunderbird < 148. |
Firefox
Thunderbird
|
| CVE-2026-2806 | Feb 24, 2026 |
Firefox Graphics Text Uninit Memory (CVE-2026-2806)Uninitialized memory in the Graphics: Text component. This vulnerability affects Firefox < 148 and Thunderbird < 148. |
Firefox
Thunderbird
|
| CVE-2026-2805 | Feb 24, 2026 |
Invalid pointer DOM Core & HTML in Firefox <148Invalid pointer in the DOM: Core & HTML component. This vulnerability affects Firefox < 148 and Thunderbird < 148. |
Firefox
Thunderbird
|
| CVE-2026-2804 | Feb 24, 2026 |
Use-after-Free in Firefox WebAssembly JS EngineUse-after-free in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148 and Thunderbird < 148. |
Firefox
Thunderbird
|
| CVE-2026-2803 | Feb 24, 2026 |
Firefox <148 Settings UI Component Info Disclosure & Mitigation BypassInformation disclosure, mitigation bypass in the Settings UI component. This vulnerability affects Firefox < 148. |
Firefox
|
| CVE-2026-2802 | Feb 24, 2026 |
Race Condition in Firefox JS GC ComponentRace condition in the JavaScript: GC component. This vulnerability affects Firefox < 148. |
Firefox
|
| CVE-2026-2801 | Feb 24, 2026 |
Firefox <148 WAsm Boundary Condition VulnerabilityIncorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148 and Thunderbird < 148. |
Firefox
Thunderbird
|
| CVE-2026-2800 | Feb 24, 2026 |
Firefox Android WebAuthn Spoofing CVESpoofing issue in the WebAuthn component in Firefox for Android. This vulnerability affects Firefox < 148 and Thunderbird < 148. |
Firefox
Thunderbird
|
| CVE-2026-2799 | Feb 24, 2026 |
Firefox <148: UAF in DOM Core/HTMLUse-after-free in the DOM: Core & HTML component. This vulnerability affects Firefox < 148 and Thunderbird < 148. |
Firefox
Thunderbird
|
| CVE-2026-2798 | Feb 24, 2026 |
Use-after-free (UAF) in Firefox DOM: Core & HTML (148)Use-after-free in the DOM: Core & HTML component. This vulnerability affects Firefox < 148. |
Firefox
|
| CVE-2026-2797 | Feb 24, 2026 |
Firefox JavaScript GC UAF (CVE20262797)Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 148 and Thunderbird < 148. |
Firefox
Thunderbird
|
| CVE-2026-2796 | Feb 24, 2026 |
Firefox WebAssembly JIT Miscompilation CVE-2026-2796JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148 and Thunderbird < 148. |
Firefox
Thunderbird
|
| CVE-2026-2795 | Feb 24, 2026 |
Use-after-free in JS GC (Firefox <148)Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 148 and Thunderbird < 148. |
Firefox
Thunderbird
|
| CVE-2026-2634 | Feb 24, 2026 |
Firefox iOS <147.4 Desync Address Bar Attack (CVE-2026-2634)Malicious scripts could cause desynchronization between the address bar and web content before a response is received in Firefox iOS, allowing attacker-controlled pages to be presented under spoofed domains. This vulnerability affects Firefox for iOS < 147.4. |
Firefox
|
| CVE-2026-2794 | Feb 24, 2026 |
Firefox Uninitialized Memory Info Disclosure (147)Information disclosure due to uninitialized memory in Firefox and Firefox Focus for Android. This vulnerability affects Firefox < 148. |
Firefox
|
| CVE-2026-2793 | Feb 24, 2026 |
Memory Safety Bug in Firefox ESR <115.33/140.8; <148 for FF/ThunderbirdMemory safety bugs present in Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
Firefox
FireFox Extended Support Release (ESR)
Thunderbird
And others... |
| CVE-2026-2792 | Feb 24, 2026 |
Memory Safety Bugs in Firefox 147 & ESR 140.7, Thunderbird 147 & ESR 140.7Memory safety bugs present in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
Firefox
FireFox Extended Support Release (ESR)
Thunderbird
And others... |
| CVE-2026-2791 | Feb 24, 2026 |
Firefox <148 / ESR<140.8: Networking Cache Mitigation BypassMitigation bypass in the Networking: Cache component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
Firefox
FireFox Extended Support Release (ESR)
Thunderbird
And others... |
| CVE-2026-2790 | Feb 24, 2026 |
Firefox Same-origin policy bypass in JAR component before 148/ESR 140.8Same-origin policy bypass in the Networking: JAR component. This vulnerability affects Firefox < 148 and Firefox ESR < 140.8. |
Firefox
FireFox Extended Support Release (ESR)
|
| CVE-2026-2789 | Feb 24, 2026 |
Use-after-free in Graphics ImageLib of Firefox <148 (ESR <115.33/140.8)Use-after-free in the Graphics: ImageLib component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
Firefox
FireFox Extended Support Release (ESR)
Thunderbird
And others... |
| CVE-2026-2788 | Feb 24, 2026 |
Firefox <148 Boundary Condition Flaw in Audio/Video GMPIncorrect boundary conditions in the Audio/Video: GMP component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
Firefox
FireFox Extended Support Release (ESR)
Thunderbird
And others... |
| CVE-2026-2787 | Feb 24, 2026 |
UAF in Firefox DOM Window/Location before v148Use-after-free in the DOM: Window and Location component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
Firefox
FireFox Extended Support Release (ESR)
Thunderbird
And others... |
| CVE-2026-2786 | Feb 24, 2026 |
Use-after-free in Firefox JS Engine (before 148)Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
Firefox
FireFox Extended Support Release (ESR)
Thunderbird
And others... |
| CVE-2026-2785 | Feb 24, 2026 |
Firefox <148/ESR<140.8: Invalid Pointer in JS EngineInvalid pointer in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
Firefox
FireFox Extended Support Release (ESR)
Thunderbird
And others... |
| CVE-2026-2784 | Feb 24, 2026 |
Firefox <148 & ESR<140.8: DOM Mitigation Bypass in Security ComponentMitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
Firefox
FireFox Extended Support Release (ESR)
Thunderbird
And others... |
| CVE-2026-2783 | Feb 24, 2026 |
Firefox <=148 Info Disclosure via JIT MiscompInformation disclosure due to JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 148 and Firefox ESR < 140.8. |
Firefox
FireFox Extended Support Release (ESR)
|
| CVE-2026-2782 | Feb 24, 2026 |
Firefox Netmonitor Privilege Escalation (v<148/ESR<140.8)Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
Firefox
FireFox Extended Support Release (ESR)
Thunderbird
And others... |
| CVE-2026-2781 | Feb 24, 2026 |
Firefox <148 ESR <140.8 Integer Overflow in NSS LibrariesInteger overflow in the Libraries component in NSS. This vulnerability affects Firefox < 148 and Firefox ESR < 140.8. |
Firefox
FireFox Extended Support Release (ESR)
|
| CVE-2026-2780 | Feb 24, 2026 |
Firefox Netmonitor PrivEsc pre-148 ESR<140.8Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
Firefox
FireFox Extended Support Release (ESR)
Thunderbird
And others... |
| CVE-2026-2779 | Feb 24, 2026 |
Firefox JAR Boundary Flaw (pre-148, ESR <140.8)Incorrect boundary conditions in the Networking: JAR component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
Firefox
FireFox Extended Support Release (ESR)
Thunderbird
And others... |
| CVE-2026-2778 | Feb 24, 2026 |
Firefox sandbox escape via DOM boundary conditions <148Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
Firefox
FireFox Extended Support Release (ESR)
Thunderbird
And others... |
| CVE-2026-2777 | Feb 24, 2026 |
Privilege Escalation in Firefox MessagingSystem <148 (ESR <115.33,140.8)Privilege escalation in the Messaging System component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
Firefox
FireFox Extended Support Release (ESR)
Thunderbird
And others... |
| CVE-2026-2776 | Feb 24, 2026 |
Sandbox escape CVE-2026-2776 in Firefox <148 via Telemetry boundarySandbox escape due to incorrect boundary conditions in the Telemetry component in External Software. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
Firefox
FireFox Extended Support Release (ESR)
Thunderbird
And others... |
| CVE-2026-2775 | Feb 24, 2026 |
Firefox HTMLParser Mitigation Bypass before v148 (ESR <115.33/140.8)Mitigation bypass in the DOM: HTML Parser component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
Firefox
FireFox Extended Support Release (ESR)
Thunderbird
And others... |
| CVE-2026-2774 | Feb 24, 2026 |
Firefox Audio/Video Component Integer Overflow (FF<148, ESR<115.33)Integer overflow in the Audio/Video component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
Firefox
FireFox Extended Support Release (ESR)
Thunderbird
And others... |
| CVE-2026-2773 | Feb 24, 2026 |
Firefox WebAudio Wrong boundary flaw before v148Incorrect boundary conditions in the Web Audio component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
Firefox
FireFox Extended Support Release (ESR)
Thunderbird
And others... |
| CVE-2026-2772 | Feb 24, 2026 |
UAF in Firefox <148 AV Playback componentUse-after-free in the Audio/Video: Playback component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
Firefox
FireFox Extended Support Release (ESR)
Thunderbird
And others... |
| CVE-2026-2771 | Feb 24, 2026 |
Firefox <148 / ESR <115.33, <140.8 Undefined Behavior in DOM (CVE2026-2771)Undefined behavior in the DOM: Core & HTML component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
Firefox
FireFox Extended Support Release (ESR)
Thunderbird
And others... |
| CVE-2026-2770 | Feb 24, 2026 |
Use-after-free in Firefox DOM Bindings (WebIDL) < v148Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
Firefox
FireFox Extended Support Release (ESR)
Thunderbird
And others... |
| CVE-2026-2769 | Feb 24, 2026 |
Use-after-free in Firefox IndexedDB before v148Use-after-free in the Storage: IndexedDB component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
Firefox
FireFox Extended Support Release (ESR)
Thunderbird
And others... |
| CVE-2026-2767 | Feb 24, 2026 |
Use-After-Free in Firefox <148 & ESR <140.8 WebAssembly (Wasm)Use-after-free in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148 and Firefox ESR < 140.8. |
Firefox
FireFox Extended Support Release (ESR)
|
| CVE-2026-2768 | Feb 24, 2026 |
Firefox <=148 IndexedDB sandbox escapeSandbox escape in the Storage: IndexedDB component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
Firefox
FireFox Extended Support Release (ESR)
Thunderbird
And others... |
| CVE-2026-2766 | Feb 24, 2026 |
Useafterfree in Firefox JavaScript Engine JIT <148/ESR 140.8Use-after-free in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
Firefox
FireFox Extended Support Release (ESR)
Thunderbird
And others... |
| CVE-2026-2765 | Feb 24, 2026 |
Use-after-free in Firefox JS Engine (before 148, ESR<140.8)Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
Firefox
FireFox Extended Support Release (ESR)
Thunderbird
And others... |
| CVE-2026-2763 | Feb 24, 2026 |
UAF in Firefox JavaScript Engine < v148 & ESR 115.33Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
Firefox
FireFox Extended Support Release (ESR)
Thunderbird
And others... |
| CVE-2026-2764 | Feb 24, 2026 |
Firefox <148 JIT Miscompilation UAF in JS EngineJIT miscompilation, use-after-free in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
Firefox
FireFox Extended Support Release (ESR)
Thunderbird
And others... |