Memory Safety Bugs in Firefox 147 & ESR 140.7, Thunderbird 147 & ESR 140.7
CVE-2026-2792 Published on February 24, 2026

Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148
Memory safety bugs present in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 148 and Firefox ESR < 140.8.

NVD

Products Associated with CVE-2026-2792

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2026-2792 are published in these products:

Mozilla Firefox

Mozilla FireFox Extended Support Release (ESR)

Affected Versions

Mozilla Firefox:

Version unspecified and below 148 is affected.

Mozilla Firefox ESR:

Version unspecified and below 140.8 is affected.

Mozilla Thunderbird:

Version unspecified and below 148 is affected.

Mozilla Thunderbird:

Version unspecified and below 140.8 is affected.

Memory Safety Bugs in Firefox 147 & ESR 140.7, Thunderbird 147 & ESR 140.7CVE-2026-2792 Published on February 24, 2026

Products Associated with CVE-2026-2792

Affected Versions

Memory Safety Bugs in Firefox 147 & ESR 140.7, Thunderbird 147 & ESR 140.7
CVE-2026-2792 Published on February 24, 2026