Firefox and Thunderbird Can Crash Due to JavaScript Memory Error

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

9.8

Firefox and Thunderbird Can Crash Due to JavaScript Memory Error

CVE-2026-2795

Summary

Using Firefox or Thunderbird versions less than 148 can lead to a crash if a malicious website exploits a memory error in the JavaScript engine. This can result in data loss or system instability. Update to the latest version to fix the issue.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
mozilla	firefox	<= 148.0	–
mozilla	thunderbird	<= 148.0	–

Original title

Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 148 and Thunderbird < 148.

Original description

Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 148 and Thunderbird < 148.

nvd CVSS3.1 9.8

Vulnerability type

CWE-416 Use After Free

https://bugzilla.mozilla.org/show_bug.cgi?id=2010940 Permissions Required
https://www.mozilla.org/security/advisories/mfsa2026-13/ Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2026-16/ Vendor Advisory

Published: 24 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026