Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.8
Firefox and Thunderbird Memory Corruption Bugs Allow Malicious Code Execution
CVE-2026-2807
Summary
Older versions of Firefox and Thunderbird contain bugs that can cause memory corruption, potentially allowing attackers to run unauthorized code. This affects Firefox and Thunderbird versions prior to 148. Update to the latest version to protect against potential exploitation.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| mozilla | firefox | <= 148.0 | – |
| mozilla | thunderbird | <= 148.0 | – |
Original title
Memory safety bugs present in Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited...
Original description
Memory safety bugs present in Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 148 and Thunderbird < 148.
nvd CVSS3.1
9.8
Vulnerability type
CWE-787
Out-of-bounds Write
Published: 24 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026