CRITICAL
Mozilla
CVE published 2026-02-24
CVE-2026-2786
CVE-2026-2786 is a critical use-after-free vulnerability in Mozilla’s JavaScript Engine component. Mozilla fixed it in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. Based on the NVD CVSS vector, the issue is reachable over the network, requires no privileges, and needs no user interaction, making timely patching important for both browser and mail client deployments.