Firefox and Thunderbird: Invalid Pointer Can Crash Browser

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

9.8

Firefox and Thunderbird: Invalid Pointer Can Crash Browser

CVE-2026-2785

Summary

This issue affects older versions of Firefox and Thunderbird. If exploited, it can cause the browser to unexpectedly crash or freeze, potentially disrupting work and productivity. To fix this, update to the latest version of Firefox or Thunderbird.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
mozilla	firefox	<= 140.8.0	–
mozilla	firefox	<= 148.0	–
mozilla	thunderbird	<= 140.8.0	–
mozilla	thunderbird	<= 148.0	–

Original title

Invalid pointer in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.

Original description

Invalid pointer in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.

nvd CVSS3.1 9.8

Vulnerability type

CWE-824

https://bugzilla.mozilla.org/show_bug.cgi?id=2013549 Issue Tracking Permissions Required
https://www.mozilla.org/security/advisories/mfsa2026-13/ Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2026-15/ Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2026-16/ Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2026-17/ Vendor Advisory

Published: 24 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026