Firefox and Thunderbird can crash or run malicious code

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

9.8

Firefox and Thunderbird can crash or run malicious code

CVE-2026-2796

Summary

A security issue in the JavaScript: WebAssembly component of Firefox and Thunderbird can cause the browser or email client to crash or allow malicious code to run. This affects users of Firefox and Thunderbird versions less than 148. Update to the latest version to fix the issue.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
mozilla	firefox	<= 148.0	–
mozilla	thunderbird	<= 148.0	–

Original title

JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148 and Thunderbird < 148.

Original description

JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148 and Thunderbird < 148.

nvd CVSS3.1 9.8

Vulnerability type

CWE-843 Type Confusion

https://bugzilla.mozilla.org/show_bug.cgi?id=2013165 Permissions Required
https://www.mozilla.org/security/advisories/mfsa2026-13/ Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2026-16/ Vendor Advisory

Published: 24 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026