Firefox and Thunderbird: Graphics Text Memory Leak

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

9.1

Firefox and Thunderbird: Graphics Text Memory Leak

CVE-2026-2806

Summary

Old versions of Firefox and Thunderbird have a memory leak in their graphics text feature. This means that sensitive information could be exposed if an attacker exploits this weakness. To protect yourself, update to the latest version of either browser as soon as possible.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
mozilla	firefox	<= 148.0	–
mozilla	thunderbird	<= 148.0	–

Original title

Uninitialized memory in the Graphics: Text component. This vulnerability affects Firefox < 148 and Thunderbird < 148.

Original description

Uninitialized memory in the Graphics: Text component. This vulnerability affects Firefox < 148 and Thunderbird < 148.

nvd CVSS3.1 9.1

Vulnerability type

CWE-908 Use of Uninitialized Resource

CWE-457

https://bugzilla.mozilla.org/show_bug.cgi?id=2006199 Permissions Required
https://www.mozilla.org/security/advisories/mfsa2026-13/ Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2026-16/ Vendor Advisory

Published: 24 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026