7.5
Firefox and Thunderbird: Malicious Code Can Steal Sensitive Info
CVE-2026-2783
Summary
Firefox and Thunderbird before version 148 (or ESR 140.8) contain an error in the way the JavaScript engine's JIT compiler processes code, which attackers can potentially use to steal sensitive information. Update to the latest version to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| mozilla | firefox | <= 140.8.0 | – |
| mozilla | firefox | <= 148.0 | – |
| mozilla | thunderbird | <= 140.8.0 | – |
| mozilla | thunderbird | <= 148.0 | – |
Original title
Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Original description
Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
NVD CVSS 3.1
7.5
Vulnerability type
CWE-843
Type Confusion
CWE-200
Information Exposure
- https://bugzilla.mozilla.org/show_bug.cgi?id=2010943 Permissions Required
- https://www.mozilla.org/security/advisories/mfsa2026-13/ Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-15/ Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-16/ Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-17/ Vendor Advisory
Published: 24 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026