Firefox & Thunderbird: Data Leak from Old Memory

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.8

Firefox & Thunderbird: Data Leak from Old Memory

CVE-2026-2798

Summary

Old versions of Firefox and Thunderbird can leak sensitive data due to a bug that allows an attacker to access memory that should have been deleted. This poses a risk to users who visit malicious websites. Update to the latest version to fix this issue.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
mozilla	firefox	<= 148.0	–
mozilla	thunderbird	<= 148.0	–

Original title

Use-after-free in the DOM: Core & HTML component. This vulnerability affects Firefox < 148 and Thunderbird < 148.

Original description

Use-after-free in the DOM: Core & HTML component. This vulnerability affects Firefox < 148 and Thunderbird < 148.

nvd CVSS3.1 8.8

Vulnerability type

CWE-416 Use After Free

https://bugzilla.mozilla.org/show_bug.cgi?id=2014136 Permissions Required
https://www.mozilla.org/security/advisories/mfsa2026-13/ Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2026-16/ Vendor Advisory

Published: 24 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026