Memory Safety Vulnerability in Firefox and Thunderbird by Mozilla
CVE-2026-2792

Currently unrated

Key Information:

Vendor

Mozilla
Status
Firefox
Firefox Esr
Thunderbird
Vendor
CVE Published:
24 February 2026

What is CVE-2026-2792?

The vulnerability involves memory safety bugs in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147, and Thunderbird 147. These bugs exhibit signs of memory corruption, suggesting that with appropriate exploitation efforts, they could potentially lead to arbitrary code execution. Users of versions prior to Firefox 148 and Thunderbird 148, as well as their respective ESR versions, should take immediate action to update and secure their systems.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Firefox < 148

Firefox ESR < 140.8

Thunderbird < 148

References

https://bugzilla.mozilla.org/buglist.cgi?bug_id=2008912%2...
https://www.mozilla.org/security/advisories/mfsa2026-13/
https://www.mozilla.org/security/advisories/mfsa2026-15/

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Andrew McCreight, Maurice Dauer, Olli Pettay, Ryan Hunt
JSON
.