CVE Catalog

CVE-2026-2771

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.48%

38th percentile - higher than 38% of all known CVEs

Summary

Undefined behavior exists in the DOM: Core & HTML component of Firefox and Thunderbird. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Risk Assessment

Undefined behavior in the DOM could lead to unexpected browser or mail client behavior, potentially allowing an attacker to execute code or destabilize the system.

Recommendation

Immediately update Firefox to version 148 or later, and Firefox ESR to version 115.33/140.8. Update Thunderbird to version 148 or 140.8.

Original NVD description (English source)

Undefined behavior in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS