Firefox and Thunderbird: Malicious Websites Can Crash Browser

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

9.8

Firefox and Thunderbird: Malicious Websites Can Crash Browser

CVE-2026-2805

Summary

Versions of Firefox and Thunderbird prior to 148 have a security weakness that allows malicious websites to crash the browser or cause it to behave unexpectedly. This could potentially allow an attacker to disrupt your work or access to sensitive information. Update to the latest version to fix the issue.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
mozilla	firefox	<= 148.0	–
mozilla	thunderbird	<= 148.0	–

Original title

Invalid pointer in the DOM: Core & HTML component. This vulnerability affects Firefox < 148 and Thunderbird < 148.

Original description

Invalid pointer in the DOM: Core & HTML component. This vulnerability affects Firefox < 148 and Thunderbird < 148.

nvd CVSS3.1 9.8

Vulnerability type

CWE-824

https://bugzilla.mozilla.org/show_bug.cgi?id=2014549 Permissions Required
https://www.mozilla.org/security/advisories/mfsa2026-13/ Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2026-16/ Vendor Advisory

Published: 24 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026