PatchSiren

CVE-2026-2792 Mozilla CVE debrief

CVE-2026-2792 is a critical vulnerability affecting Mozilla's Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147, and Thunderbird 147. The issue involves memory safety bugs that could lead to memory corruption and potentially allow attackers to execute arbitrary code. It was addressed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. The CVSS score is 9.8, which falls in the critical severity range. Users and administrators are advised to update affected products to the latest versions to mitigate this vulnerability.

Vendor: Mozilla
Product: Firefox
CVSS: CRITICAL 9.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-02-24
Original CVE updated: 2026-06-30
Advisory published: 2026-02-24
Advisory updated: 2026-06-30

Who should care

This vulnerability affects users of Mozilla's Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147, and Thunderbird 147. Organizations and individuals using these products should prioritize updating to the patched versions to prevent potential exploitation. Given the critical severity and high CVSS score, immediate action is recommended.

Technical summary

The CVE-2026-2792 vulnerability is caused by memory safety bugs in the affected Mozilla products. These bugs could lead to memory corruption, and with sufficient effort, could potentially be exploited to run arbitrary code. The vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating a high impact on confidentiality, integrity, and availability. This vulnerability is associated with CWE-787.

Defensive priority

High. Immediate patching of affected systems is recommended due to the critical severity and potential for code execution.

Recommended defensive actions

  • Update Firefox to version 148 or later.
  • Update Firefox ESR to version 140.8 or later.
  • Update Thunderbird to version 148 or later.
  • Update Thunderbird ESR to version 140.8 or later.
  • Ensure all users and administrators apply the patches as soon as possible.
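
A fleet check against the fixed versions listed above, as an added example (not PatchSiren's or Mozilla's code). It compares each install with the fixed version for its own channel, because a plain numeric comparison would pass Firefox 147 as newer than 140.8. The inventory rows are constructed; identifying ESR builds by an `esr` suffix in the version string, and flagging anything older than the fixed version on the same channel, are assumptions.

```python
import re

# Fixed versions from the advisory text; the same pair applies to both products.
FIXED = {"release": (148, 0), "esr": (140, 8)}
PRODUCTS = {"firefox", "thunderbird"}
_VERSION_RE = re.compile(r"^(\d+)(?:\.(\d+))?(?:\.(\d+))?(esr)?$", re.IGNORECASE)


def parse_version(text):
    """Return ((major, minor, patch), channel) or raise ValueError."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    numbers = tuple(int(g) if g else 0 for g in m.group(1, 2, 3))
    channel = "esr" if m.group(4) else "release"  # assumption: ESR builds carry the suffix
    return numbers, channel


def needs_update(product, version_text):
    """True when the install is older than the fixed version for its own channel."""
    if product.lower() not in PRODUCTS:
        raise KeyError(product)
    numbers, channel = parse_version(version_text)
    return numbers[:2] < FIXED[channel]


def triage(inventory):
    """Map each (host, product, version) row to 'update', 'ok' or 'unknown'."""
    results = {}
    for host, product, version in inventory:
        try:
            results[(host, product)] = "update" if needs_update(product, version) else "ok"
        except (ValueError, KeyError):
            results[(host, product)] = "unknown"  # review by hand, never assume patched
    return results


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("ws-01", "Firefox", "147.0.2"),
    ("ws-02", "Firefox", "140.7.0esr"),
    ("ws-03", "Thunderbird", "140.8.0esr"),
    ("ws-04", "Thunderbird", "148.0"),
    ("ws-05", "Firefox", "nightly-build"),
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A version string of `140.8.0` without the `esr` suffix is treated as a release-channel build and flagged for update, which errs toward re-checking the host rather than assuming it is patched.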

Evidence notes

The CVE-2026-2792 vulnerability was publicly disclosed on 2026-02-24 and modified on 2026-06-30. The vulnerability affects multiple Mozilla products, including Firefox and Thunderbird, across various versions. The CVSS score of 9.8 indicates a critical severity level. Fixes were released in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

This article is AI-assisted and based on the supplied source corpus.