PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-2793 Mozilla CVE debrief

CVE-2026-2793 is a critical vulnerability affecting multiple Mozilla products, including Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147, and Thunderbird 147. The vulnerability is caused by memory safety bugs, some of which showed evidence of memory corruption. If exploited, these bugs could potentially allow attackers to run arbitrary code. The vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. Users of affected products should update to the latest versions to mitigate this vulnerability.

Vendor: Mozilla
Product: Firefox
CVSS: CRITICAL 9.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-02-24
Original CVE updated: 2026-06-30
Advisory published: 2026-02-24
Advisory updated: 2026-06-30

Who should care

This vulnerability affects users of Mozilla's Firefox, Firefox ESR, Thunderbird, and Thunderbird ESR products. Specifically, users of Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147, and Thunderbird 147 are at risk. Given the critical severity and potential for arbitrary code execution, administrators and users of these products should prioritize updating to the patched versions.

Technical summary

CVE-2026-2793 is a critical vulnerability caused by memory safety bugs in multiple Mozilla products. The bugs could lead to memory corruption and potentially allow for arbitrary code execution. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 9.8, which is in the critical range. The vulnerability was publicly disclosed on February 24, 2026, and the record was last modified on June 30, 2026. Affected products include Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147, and Thunderbird 147. Patched versions are available in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Defensive priority

High. This critical vulnerability requires immediate attention due to its potential for arbitrary code execution. Updating to the patched versions is essential to mitigate the risk.

Recommended defensive actions

  • Update Firefox to version 148 or later.
  • Update Firefox ESR to version 115.33 or later.
  • Update Firefox ESR to version 140.8 or later.
  • Update Thunderbird to version 148 or later.
  • Update Thunderbird ESR to version 140.8 or later.
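
The list above mixes release and ESR branches, so a fleet check has to compare each install against the fixed version on its own branch. The following is an added example, not part of the original debrief or any Mozilla tooling: it assumes an inventory that records a product name and a version string ending in `esr` for ESR builds, and it assumes any version below the fixed one on a listed branch needs the update. The host names and inventory rows are constructed.

```python
import re

# Fixed versions from the recommended actions above, keyed by
# (product, channel, ESR major branch). Release channels use branch None.
FIXED = {
    ("firefox", "esr", 115): (115, 33),
    ("firefox", "esr", 140): (140, 8),
    ("firefox", "release", None): (148, 0),
    ("thunderbird", "esr", 140): (140, 8),
    ("thunderbird", "release", None): (148, 0),
}

# Assumed inventory format: "147.0.4", "115.32.1esr", "148"
VERSION_RE = re.compile(r"^(\d+)(?:\.(\d+))?(?:\.\d+)*(esr)?$", re.IGNORECASE)

def classify(product, version):
    """Return 'patched', 'update' or 'review' for one installed version."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return "review"  # unparseable string (pre-release builds, typos)
    major, minor = int(m.group(1)), int(m.group(2) or 0)
    channel = "esr" if m.group(3) else "release"
    branch = major if channel == "esr" else None
    fixed = FIXED.get((product.strip().lower(), channel, branch))
    if fixed is None:
        return "review"  # product or ESR branch the page does not list
    return "patched" if (major, minor) >= fixed else "update"

def audit(inventory):
    """Map each host to the status of its install."""
    return {host: classify(product, version)
            for host, product, version in inventory}

# Constructed sample inventory: (host, product, version string)
SAMPLE_INVENTORY = [
    ("ws-01", "Firefox", "147.0.4"),
    ("ws-02", "Firefox", "148.0"),
    ("ws-03", "Firefox", "115.32.1esr"),
    ("ws-04", "Firefox", "115.33.0esr"),
    ("ws-05", "Thunderbird", "140.7.0esr"),
    ("ws-06", "Firefox", "128.14.0esr"),  # ESR branch not named on the page
    ("ws-07", "Thunderbird", "149.0a1"),  # pre-release string
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Rows marked `review` are installs the page gives no fixed version for, so they need a manual look at the vendor advisory rather than an automatic pass.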

Evidence notes

The CVE record and NVD detail provide comprehensive information about the vulnerability, including its description, affected products, and patched versions. Mozilla's security advisories (MFSA2026-13 to MFSA2026-17) offer detailed guidance on the vulnerability and mitigation steps. Red Hat errata (RHSA-2026:3338 and others) also provide information on patched versions for Red Hat Enterprise Linux users.

This article is AI-assisted and based on the supplied source corpus.