CVE Catalog
CVE-2026-2796
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk0.63%
45th percentile - higher than 45% of all known CVEs
Summary
A JIT miscompilation vulnerability exists in the JavaScript: WebAssembly component of Firefox and Thunderbird. This flaw was fixed in versions 148 of both products.
Risk Assessment
The organization may face unpredictable browser or email client behavior, potentially allowing an attacker to execute malicious WebAssembly code in an uncontrolled manner.
Recommendation
Immediately update Firefox and Thunderbird to version 148 or later to remediate the vulnerability.
Original NVD description (English source)
JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.

