Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.8
Firefox & Thunderbird: Data Leaked When Closing Browser Tabs
CVE-2026-2799
Summary
Firefox and Thunderbird users who open malicious web pages and then close tabs may leak sensitive information. This issue is fixed in version 148 and later. Users should update to the latest version to prevent this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| mozilla | firefox | <= 148.0 | – |
| mozilla | thunderbird | <= 148.0 | – |
Original title
Use-after-free in the DOM: Core & HTML component. This vulnerability affects Firefox < 148 and Thunderbird < 148.
Original description
Use-after-free in the DOM: Core & HTML component. This vulnerability affects Firefox < 148 and Thunderbird < 148.
nvd CVSS3.1
9.8
Vulnerability type
CWE-416
Use After Free
- https://bugzilla.mozilla.org/show_bug.cgi?id=2014551 Permissions Required
- https://www.mozilla.org/security/advisories/mfsa2026-13/ Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2026-16/ Vendor Advisory
Published: 24 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026