PatchSiren cyber security CVE debrief
CVE-2026-2793 Mozilla CVE debrief
CVE-2026-2793 is a critical vulnerability affecting multiple Mozilla products, including Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147, and Thunderbird 147. The vulnerability is caused by memory safety bugs, some of which showed evidence of memory corruption. If exploited, these bugs could potentially allow attackers to run arbitrary code. The vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. Users of affected products should update to the latest versions to mitigate this vulnerability.
- Vendor: Mozilla
- Product: Firefox
- CVSS: CRITICAL 9.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-02-24
- Original CVE updated: 2026-06-30
- Advisory published: 2026-02-24
- Advisory updated: 2026-06-30
Who should care
This vulnerability affects users of Mozilla's Firefox ESR, Thunderbird ESR, and Firefox products. Specifically, users of Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147, and Thunderbird 147 are at risk. Given the critical severity and potential for arbitrary code execution, administrators and users of these products should prioritize updating to the patched versions.
Technical summary
CVE-2026-2793 is a critical vulnerability caused by memory safety bugs in multiple Mozilla products. The bugs could lead to memory corruption and potentially allow arbitrary code execution. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 9.8, which is in the critical severity range. The vulnerability was publicly disclosed on February 24, 2026, and the record was last modified on June 30, 2026. Affected products include Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147, and Thunderbird 147. Patched versions are available in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
Defensive priority
High. This critical vulnerability requires immediate attention due to its potential for arbitrary code execution. Updating to the patched versions is essential to mitigate the risk.
Recommended defensive actions
- Update Firefox to version 148 or later.
- Update Firefox ESR on the 115 branch to version 115.33 or later.
- Update Firefox ESR on the 140 branch to version 140.8 or later.
- Update Thunderbird to version 148 or later.
- Update Thunderbird ESR to version 140.8 or later.
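To apply the list above across a fleet, the following added example (not from Mozilla or from the advisories) compares inventoried versions against the fixed versions named on this page. The function names and the sample inventory are constructed for illustration; ESR branches for which this page lists no fixed version are reported as unknown rather than guessed.

```python
import re

# Fixed versions as listed on this page, keyed by (product, channel, ESR branch).
# Rapid-release entries use branch None.
FIXED = {
    ("firefox", "release", None): (148, 0),
    ("firefox", "esr", 115): (115, 33),
    ("firefox", "esr", 140): (140, 8),
    ("thunderbird", "release", None): (148, 0),
    ("thunderbird", "esr", 140): (140, 8),
}

def parse_version(text):
    """Turn '140.7.1esr' or '147.0' into a tuple of ints such as (140, 7, 1)."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:esr)?", text.strip().lower())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))

def status(product, channel, version):
    """Return 'patched', 'needs-update' or 'unknown' for one installation."""
    try:
        ver = parse_version(version)
    except ValueError:
        return "unknown"  # e.g. beta or nightly strings; review by hand
    branch = ver[0] if channel == "esr" else None
    fixed = FIXED.get((product.lower(), channel, branch))
    if fixed is None:
        return "unknown"  # this page lists no fixed version for that branch
    # Pad with zeros so that (148,) compares equal to (148, 0).
    width = max(len(ver), len(fixed))
    ver += (0,) * (width - len(ver))
    fixed += (0,) * (width - len(fixed))
    return "patched" if ver >= fixed else "needs-update"

def audit(inventory):
    """Map (host, product, channel, version) rows to rows with a status appended."""
    return [row + (status(*row[1:]),) for row in inventory]

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = [
    ("ws-01", "firefox", "release", "147.0.2"),
    ("ws-02", "firefox", "esr", "115.33.0esr"),
    ("ws-03", "firefox", "esr", "140.7.1esr"),
    ("ws-04", "thunderbird", "esr", "128.5.0esr"),
]

if __name__ == "__main__":
    for host, product, channel, version, result in audit(SAMPLE):
        print(f"{host}: {product} {channel} {version} -> {result}")
```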
Evidence notes
The CVE record and NVD detail provide comprehensive information about the vulnerability, including its description, affected products, and patched versions. Mozilla's security advisories (MFSA2026-13 to MFSA2026-17) offer detailed guidance on the vulnerability and mitigation steps. Red Hat errata (RHSA-2026:3338 and others) also provide information on patched versions for Red Hat Enterprise Linux users.
Official resources
- CVE-2026-2793 CVE record (CVE.org)
- CVE-2026-2793 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference: [email protected] - Broken Link
- Mitigation or vendor reference: [email protected] - Vendor Advisory
- Mitigation or vendor reference: [email protected] - Vendor Advisory
- Mitigation or vendor reference: [email protected] - Vendor Advisory
- Mitigation or vendor reference: [email protected] - Vendor Advisory
- Mitigation or vendor reference: [email protected] - Vendor Advisory
- Source reference: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
This article is AI-assisted and based on the supplied source corpus.