Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.8
Firefox and Thunderbird Integer Overflow in Libraries Component
CVE-2026-2781
Summary
A bug in the Libraries component of Firefox and Thunderbird can cause the software to crash or behave unexpectedly, potentially allowing an attacker to execute malicious code. This affects older versions of Firefox and Thunderbird, so it's essential to update to the latest version. Update your browser or email client to the latest version to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| mozilla | firefox | <= 140.8.0 | – |
| mozilla | firefox | <= 148.0 | – |
| mozilla | thunderbird | <= 140.8.0 | – |
| mozilla | thunderbird | <= 148.0 | – |
Original title
Integer overflow in the Libraries component in NSS. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Original description
Integer overflow in the Libraries component in NSS. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
nvd CVSS3.1
9.8
Vulnerability type
CWE-190
Integer Overflow
- https://bugzilla.mozilla.org/show_bug.cgi?id=2009552 Issue Tracking Permissions Required
- https://www.mozilla.org/security/advisories/mfsa2026-13/ Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-15/ Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-16/ Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-17/ Vendor Advisory
Published: 24 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026