PatchSiren cyber security CVE debrief
CVE-2026-2797 Mozilla CVE debrief
CVE-2026-2797 is a critical use-after-free vulnerability in the JavaScript: GC component of Firefox and Thunderbird. The vulnerability was fixed in Firefox 148 and Thunderbird 148. This vulnerability has a CVSS score of 9.8 and a severity of CRITICAL. The CVE was published on 2026-02-24T14:16:28.200Z and last modified on 2026-06-30T03:18:21.253Z. The vulnerability affects Firefox and Thunderbird versions prior to 148.
- Vendor: Mozilla
- Product: Firefox
- CVSS: CRITICAL 9.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-02-24
- Original CVE updated: 2026-06-30
- Advisory published: 2026-02-24
- Advisory updated: 2026-06-30
Who should care
Organizations and individuals using Firefox and Thunderbird should prioritize patching this vulnerability, as it can be exploited remotely without authentication. The vulnerability's high CVSS score and critical severity indicate a significant risk to affected systems. Users of Firefox and Thunderbird should ensure they are running version 148 or later to mitigate this vulnerability.
Technical summary
CVE-2026-2797 is a use-after-free vulnerability in the JavaScript: GC component of Firefox and Thunderbird. This type of vulnerability occurs when a program accesses memory after it has been freed. An attacker could potentially exploit this vulnerability to execute arbitrary code on an affected system. The vulnerability is addressed in Firefox 148 and Thunderbird 148. The CVSS score for this vulnerability is 9.8 (CRITICAL). The vulnerability is tracked under CWE-416.
Defensive priority
High priority should be given to patching CVE-2026-2797, as it is a critical vulnerability with a high CVSS score. Organizations should ensure that all instances of Firefox and Thunderbird are updated to version 148 or later as soon as possible.
Recommended defensive actions
- Update Firefox to version 148 or later.
- Update Thunderbird to version 148 or later.
- Verify that all instances of Firefox and Thunderbird are patched.
- Monitor for any suspicious activity related to this vulnerability.
- Consider implementing additional security measures, such as restricting access to sensitive data and systems.
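One way to carry out the verification step above, as an added example that is not PatchSiren or Mozilla code: it classifies collected `--version` output against the fixed release 148 stated on this page. The hostnames, the `host,version output` inventory format and the sample versions are constructed; ESR builds are flagged for manual review because this page gives no ESR fix version.

```python
import re

FIXED_MAJOR = 148  # fixed release stated on this page for both products

# Matches e.g. "Mozilla Firefox 147.0.2" or "Mozilla Firefox 140.7.0esr"
VERSION_RE = re.compile(
    r"\b(?P<product>Firefox|Thunderbird)\s+(?P<major>\d+)(?:\.\d+)*(?P<esr>esr)?\b",
    re.IGNORECASE,
)

# Constructed sample: one "host,version output" line per endpoint
SAMPLE_INVENTORY = """
ws-014,Mozilla Firefox 147.0.2
ws-015,Mozilla Firefox 148.0
mail-02,Mozilla Thunderbird 147.0.1
mail-03,Thunderbird 148.0.1
kiosk-7,Mozilla Firefox 140.7.0esr
ws-099,command not found
"""

def classify(version_output):
    """Return (product, major, status) for one line of version output."""
    m = VERSION_RE.search(version_output)
    if not m:
        return ("unknown", None, "unparsed")   # never assume patched
    product = m.group("product").capitalize()
    major = int(m.group("major"))
    if m.group("esr"):
        status = "review-esr"   # page states only the 148 threshold
    elif major >= FIXED_MAJOR:
        status = "patched"
    else:
        status = "vulnerable"
    return (product, major, status)

def audit(inventory):
    """Map each host in the inventory text to its classification."""
    findings = {}
    for line in inventory.strip().splitlines():
        host, _, version_output = line.partition(",")
        findings[host.strip()] = classify(version_output)
    return findings

def needs_action(findings):
    """Hosts that are not confirmed patched, sorted for a ticket list."""
    return sorted(h for h, (_, _, s) in findings.items() if s != "patched")

if __name__ == "__main__":
    for host in needs_action(audit(SAMPLE_INVENTORY)):
        print(host)
```

Hosts whose output cannot be parsed are treated as needing action rather than as patched, so a failed collection does not hide an outdated install.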
Evidence notes
The CVE-2026-2797 vulnerability was identified in the JavaScript: GC component of Firefox and Thunderbird. The vulnerability has a CVSS score of 9.8 and is considered CRITICAL. The CVE was published on 2026-02-24T14:16:28.200Z and last modified on 2026-06-30T03:18:21.253Z. The vulnerability affects Firefox and Thunderbird versions prior to 148. The fix for this vulnerability is included in Firefox 148 and Thunderbird 148.
Official resources
- CVE-2026-2797 CVE record (CVE.org)
- CVE-2026-2797 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference: [email protected] - Permissions Required
- Mitigation or vendor reference: [email protected] - Vendor Advisory
- Source reference: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
This article is AI-assisted and based on the supplied source corpus.