CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2026-5735 – Memory safety bugs fixed in Firefox 149.0.2 and Thunderbird 149.0.2
https://notcve.org/view.php?id=CVE-2026-5735
07 Apr 2026 — Memory safety bugs present in Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149.0.2 and Thunderbird 149.0.2. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=2025475%2C2025477 • CWE-787: Out-of-bounds Write
CVSS: 9.8 • EPSS: 0% • CPEs: 4 • EXPL: 0 • CVE-2026-5734 – Memory safety bugs fixed in Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2
https://notcve.org/view.php?id=CVE-2026-5734
07 Apr 2026 — Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149.0.2, Firefox ESR 140.9.1, Thunderbird 149.0.2, and Thunderbird 140.9.1. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=2022369%2C2023026%2C2023545%2C2023555%2C2023958%2C2025422%2C2025468%2C2025492%2C2025505 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') • CWE-787: Out-of-bounds Write
CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2026-2807 – Memory safety bugs fixed in Firefox 148 and Thunderbird 148
https://notcve.org/view.php?id=CVE-2026-2807
24 Feb 2026 — Memory safety bugs present in Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 148 and Thunderbird < 148. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1756056%2C1999402%2C2004872%2C2006037%2C2012855 • CWE-787: Out-of-bounds Write
CVSS: 5.4 • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2026-2804 – Use-after-free in the JavaScript: WebAssembly component
https://notcve.org/view.php?id=CVE-2026-2804
24 Feb 2026 — Use-after-free in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148 and Thunderbird < 148. This vulnerability was fixed in Firefox 148 and Thunderbird 148. • https://bugzilla.mozilla.org/show_bug.cgi?id=2013584 • CWE-416: Use After Free
CVSS: 4.2 • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2026-2802 – Race condition in the JavaScript: GC component
https://notcve.org/view.php?id=CVE-2026-2802
24 Feb 2026 — Race condition in the JavaScript: GC component. This vulnerability affects Firefox < 148 and Thunderbird < 148. This vulnerability was fixed in Firefox 148 and Thunderbird 148. • https://bugzilla.mozilla.org/show_bug.cgi?id=2011069 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2026-2800 – Spoofing issue in the WebAuthn component in Firefox for Android
https://notcve.org/view.php?id=CVE-2026-2800
24 Feb 2026 — Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability affects Firefox < 148 and Thunderbird < 148. This vulnerability was fixed in Firefox 148 and Thunderbird 148. • https://bugzilla.mozilla.org/show_bug.cgi?id=1988145 • CWE-290: Authentication Bypass by Spoofing
CVSS: 8.8 • EPSS: 0% • CPEs: 2 • EXPL: 0 • CVE-2026-2798 – Use-after-free in the DOM: Core & HTML component
https://notcve.org/view.php?id=CVE-2026-2798
24 Feb 2026 — Use-after-free in the DOM: Core & HTML component. This vulnerability affects Firefox < 148 and Thunderbird < 148. This vulnerability was fixed in Firefox 148 and Thunderbird 148. • https://bugzilla.mozilla.org/show_bug.cgi?id=2014136 • CWE-416: Use After Free
CVSS: 9.8 • EPSS: 0% • CPEs: 5 • EXPL: 0 • CVE-2026-2793 – Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148
https://notcve.org/view.php?id=CVE-2026-2793
24 Feb 2026 — Memory safety bugs present in Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=2015196%2C2016423%2C2016498 • CWE-787: Out-of-bounds Write
CVSS: 9.8 • EPSS: 0% • CPEs: 4 • EXPL: 0 • CVE-2026-2792 – Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148
https://notcve.org/view.php?id=CVE-2026-2792
24 Feb 2026 — Memory safety bugs present in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=2008912%2C2010050%2C2010275%2C2012331 • CWE-787: Out-of-bounds Write
CVSS: 9.8 • EPSS: 0% • CPEs: 4 • EXPL: 0 • CVE-2026-2791 – Mitigation bypass in the Networking: Cache component
https://notcve.org/view.php?id=CVE-2026-2791
24 Feb 2026 — Mitigation bypass in the Networking: Cache component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. • https://bugzilla.mozilla.org/show_bug.cgi?id=2015220 • CWE-288: Authentication Bypass Using an Alternate Path or Channel
