CVE Catalog

CVE-2026-2767

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.38%

30th percentile - higher than 30% of all known CVEs

Summary

A use-after-free vulnerability was found in the JavaScript: WebAssembly component, fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Risk Assessment

An attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service, posing a serious risk to data confidentiality and integrity.

Recommendation

Immediately update Firefox to version 148 or later and Thunderbird to version 148 or 140.8.

Original NVD description (English source)

Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS