2026-02-24
2026-02-24 14:16Z
CRIT

CVE-2026-2790 — Mozilla Firefox: Same-origin policy bypass in the Networking: JAR component.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-2790

Same-origin policy bypass in the Networking: JAR component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. CVSSv3.1 9.8 (CRITICAL)

CWECWE 346VNDMozillaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-02-24
2026-02-24 14:16Z
CRIT

CVE-2026-2789 — Mozilla Firefox: Use-after-free in the Graphics: ImageLib component.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-2789

Use-after-free in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. CVSSv3.1 9.8 (CRITICAL)

CWECWE 416VNDMozillaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-02-24
2026-02-24 14:16Z
CRIT

CVE-2026-2788 — Mozilla Firefox: Incorrect boundary conditions in the Audio/Video: GMP component.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-2788

Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. CVSSv3.1 9.8 (CRITICAL)

CWECWE 119VNDMozillaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-02-24
2026-02-24 14:16Z
CRIT

CVE-2026-2787 — Mozilla Firefox: Use-after-free in the DOM: Window and Location component.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-2787

Use-after-free in the DOM: Window and Location component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. CVSSv3.1 9.8 (CRITICAL)

CWECWE 416VNDMozillaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-02-24
2026-02-24 14:16Z
CRIT

CVE-2026-2786 — Mozilla Firefox: Use-after-free in the JavaScript Engine component.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-2786

Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. CVSSv3.1 9.8 (CRITICAL)

CWECWE 416VNDMozillaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-02-24
2026-02-24 14:16Z
CRIT

CVE-2026-2785 — Mozilla Firefox: Invalid pointer in the JavaScript Engine component.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-2785

Invalid pointer in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. CVSSv3.1 9.8 (CRITICAL)

CWECWE 824VNDMozillaVNDInvalidTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-02-24
2026-02-24 14:16Z
CRIT

CVE-2026-2784 — Mozilla Firefox: Mitigation bypass in the DOM: Security component.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-2784

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. CVSSv3.1 9.8 (CRITICAL)

CWECWE 288VNDMozillaVNDMitigationTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
728 × 90 / responsive · programmatic ad slot
2026-02-24
2026-02-24 14:16Z
CRIT

CVE-2026-2782 — Mozilla Firefox: Privilege escalation in the Netmonitor component.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-2782

Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. CVSSv3.1 9.8 (CRITICAL)

CWECWE 269VNDMozillaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-02-24
2026-02-24 14:16Z
CRIT

CVE-2026-2781 — Mozilla Firefox: Integer overflow in the Libraries component in NSS.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-2781

Integer overflow in the Libraries component in NSS. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. CVSSv3.1 9.8 (CRITICAL)

CWECWE 190VNDMozillaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-02-24
2026-02-24 14:16Z
CRIT

CVE-2026-2780 — Mozilla Firefox: Privilege escalation in the Netmonitor component.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-2780

Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. CVSSv3.1 9.8 (CRITICAL)

CWECWE 269VNDMozillaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-02-24
2026-02-24 14:16Z
CRIT

CVE-2026-2779 — Mozilla Firefox: Incorrect boundary conditions in the Networking: JAR component.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-2779

Incorrect boundary conditions in the Networking: JAR component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. CVSSv3.1 9.8 (CRITICAL)

CWECWE 119VNDMozillaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-02-24
2026-02-24 14:16Z
CRIT

CVE-2026-2778 — Mozilla Firefox: Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-2778

Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. CVSSv3.1 10.0 (CRITICAL)

CWECWE 119VNDMozillaTYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2026-02-24
2026-02-24 14:16Z
CRIT

CVE-2026-2777 — Mozilla Firefox: Privilege escalation in the Messaging System component.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-2777

Privilege escalation in the Messaging System component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. CVSSv3.1 9.8 (CRITICAL)

CWECWE 269VNDMozillaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-02-24
2026-02-24 14:16Z
CRIT

CVE-2026-2776 — Mozilla Firefox: Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-2776

Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. CVSSv3.1 10.0 (CRITICAL)

CWECWE 119VNDMozillaTYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2026-02-24
2026-02-24 14:16Z
CRIT

CVE-2026-2775 — Mozilla Firefox: Mitigation bypass in the DOM: HTML Parser component.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-2775

Mitigation bypass in the DOM: HTML Parser component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. CVSSv3.1 9.8 (CRITICAL)

CWECWE 288VNDMozillaVNDMitigationTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-02-24
2026-02-24 14:16Z
CRIT

CVE-2026-2774 — Mozilla Firefox: Integer overflow in the Audio/Video component.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-2774

Integer overflow in the Audio/Video component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. CVSSv3.1 9.8 (CRITICAL)

CWECWE 190VNDMozillaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-02-24
2026-02-24 14:16Z
CRIT

CVE-2026-2773 — Mozilla Firefox: Incorrect boundary conditions in the Web Audio component.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-2773

Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. CVSSv3.1 9.8 (CRITICAL)

CWECWE 119VNDMozillaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-02-24
2026-02-24 14:16Z
CRIT

CVE-2026-2772 — Mozilla Firefox: Use-after-free in the Audio/Video: Playback component.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-2772

Use-after-free in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. CVSSv3.1 9.8 (CRITICAL)

CWECWE 416VNDMozillaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-02-24
2026-02-24 14:16Z
CRIT

CVE-2026-2771 — Mozilla Firefox: Undefined behavior in the DOM: Core & HTML component.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-2771

Undefined behavior in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. CVSSv3.1 9.8 (CRITICAL)

CWECWE 125VNDMozillaVNDUndefinedTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-02-24
2026-02-24 14:16Z
CRIT

CVE-2026-2770 — Mozilla Firefox: Use-after-free in the DOM: Bindings (WebIDL) component.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-2770

Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. CVSSv3.1 9.8 (CRITICAL)

CWECWE 416VNDMozillaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-02-24
2026-02-24 14:16Z
HIGH

CVE-2026-2769 — Mozilla Firefox: Use-after-free in the Storage: IndexedDB component.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-2769

Use-after-free in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. CVSSv3.1 8.8 (HIGH)

CWECWE 416VNDMozillaTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2026-02-24
2026-02-24 14:16Z
CRIT

CVE-2026-2768 — Mozilla Firefox: Sandbox escape in the Storage: IndexedDB component.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-2768

Sandbox escape in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. CVSSv3.1 10.0 (CRITICAL)

CWECWE 284CWECWE 693VNDMozillaTYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2026-02-24
2026-02-24 14:16Z
CRIT

CVE-2026-2767 — Mozilla Firefox: Use-after-free in the JavaScript: WebAssembly component.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-2767

Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. CVSSv3.1 9.8 (CRITICAL)

CWECWE 416VNDMozillaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-02-24
2026-02-24 14:16Z
CRIT

CVE-2026-2766 — Mozilla Firefox: Use-after-free in the JavaScript Engine: JIT component.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-2766

Use-after-free in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. CVSSv3.1 9.8 (CRITICAL)

CWECWE 416VNDMozillaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2026-02-24
2026-02-24 14:16Z
CRIT

CVE-2026-2765 — Mozilla Firefox: Use-after-free in the JavaScript Engine component.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2026-2765

Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. CVSSv3.1 9.8 (CRITICAL)

CWECWE 416VNDMozillaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score