CVE Catalog

CVE-2026-2796

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.63%

45th percentile - higher than 45% of all known CVEs

Summary

A JIT miscompilation vulnerability exists in the JavaScript: WebAssembly component of Firefox and Thunderbird. This flaw was fixed in versions 148 of both products.

Risk Assessment

The organization may face unpredictable browser or email client behavior, potentially allowing an attacker to execute malicious WebAssembly code in an uncontrolled manner.

Recommendation

Immediately update Firefox and Thunderbird to version 148 or later to remediate the vulnerability.

Original NVD description (English source)

JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS