CVE Catalog

CVE-2026-2797

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.32%

23th percentile - higher than 23% of all known CVEs

Summary

A use-after-free vulnerability was found in the JavaScript: GC component of Firefox and Thunderbird. This flaw was fixed in versions 148 of both applications.

Risk Assessment

An attacker could exploit this vulnerability to execute arbitrary code remotely or cause a denial of service, compromising system confidentiality and availability.

Recommendation

Immediately update Firefox and Thunderbird to version 148 or later.

Original NVD description (English source)

Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS