Firefox, Thunderbird: WebAssembly JavaScript Error Causes Crashes

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.5

Firefox, Thunderbird: WebAssembly JavaScript Error Causes Crashes

CVE-2026-2801

Summary

Using Firefox or Thunderbird versions before 148 can cause a crash when encountering certain JavaScript code. This can lead to a denial of service, making the affected application unusable. Update to the latest version (at least 148) to fix the issue.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
mozilla	firefox	<= 148.0	–
mozilla	thunderbird	<= 148.0	–

Original title

Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148 and Thunderbird < 148.

Original description

Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148 and Thunderbird < 148.

nvd CVSS3.1 7.5

Vulnerability type

CWE-754

https://bugzilla.mozilla.org/show_bug.cgi?id=2009901 Permissions Required
https://www.mozilla.org/security/advisories/mfsa2026-13/ Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2026-16/ Vendor Advisory

Published: 24 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026