CVE-2026-2771
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk38th percentile - higher than 38% of all known CVEs
Summary
Undefined behavior exists in the DOM: Core & HTML component of Firefox and Thunderbird. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
Risk Assessment
Undefined behavior in the DOM could lead to unexpected browser or mail client behavior, potentially allowing an attacker to execute code or destabilize the system.
Recommendation
Immediately update Firefox to version 148 or later, and Firefox ESR to version 115.33/140.8. Update Thunderbird to version 148 or 140.8.
Original NVD description (English source)
Undefined behavior in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

