Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.8
Firefox, Thunderbird: Memory Corruption Could Allow Code Execution
CVE-2026-2792
Summary
Firefox and Thunderbird versions prior to the latest updates contain memory safety bugs that could potentially allow hackers to execute unauthorized code. This affects Firefox versions before 148 and Thunderbird versions before 140.8. Update to the latest version to fix the issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| mozilla | firefox | <= 140.8.0 | – |
| mozilla | firefox | <= 148.0 | – |
| mozilla | thunderbird | <= 140.8.0 | – |
| mozilla | thunderbird | <= 148.0 | – |
Original title
Memory safety bugs present in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effo...
Original description
Memory safety bugs present in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
nvd CVSS3.1
9.8
Vulnerability type
CWE-787
Out-of-bounds Write
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=2008912%2C2010050%2C2010275%2C20... Broken Link
- https://www.mozilla.org/security/advisories/mfsa2026-13/ Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-15/ Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-16/ Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-17/ Vendor Advisory
Published: 24 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026