🚨 CVE-2026-2758
Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
🎖@cveNotify
Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
🎖@cveNotify
bugzilla.mozilla.org
2009608 - (CVE-2026-2758) Crash [@ js::gc::PreWriteBarrierImpl]
RESOLVED (jcoppeard) in Core - JavaScript: GC. Last updated 2026-05-28.
🚨 CVE-2026-2759
Incorrect boundary conditions in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
🎖@cveNotify
Incorrect boundary conditions in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
🎖@cveNotify
bugzilla.mozilla.org
2010933 - (CVE-2026-2759) Out-of-bounds read in AVIFDecoderStream::ReadAt due to missing offset validation
RESOLVED (tnikkel) in Core - Graphics: ImageLib. Last updated 2026-07-06.
🚨 CVE-2026-2760
Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
🎖@cveNotify
Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
🎖@cveNotify
bugzilla.mozilla.org
2011062 - (CVE-2026-2760) OOBW/R due to invalid yuv conversion (sandbox escape)
RESOLVED (bwerth) in Core - Graphics: WebRender. Last updated 2026-05-28.
🚨 CVE-2026-2761
Sandbox escape in the Graphics: WebRender component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
🎖@cveNotify
Sandbox escape in the Graphics: WebRender component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
🎖@cveNotify
bugzilla.mozilla.org
2011063 - (CVE-2026-2761) OOBR due to unvalidated format in webrender api (Sandbox escape)
RESOLVED (bwerth) in Core - Graphics: WebRender. Last updated 2026-05-28.
🚨 CVE-2026-2762
Integer overflow in the JavaScript: Standard Library component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
🎖@cveNotify
Integer overflow in the JavaScript: Standard Library component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
🎖@cveNotify
bugzilla.mozilla.org
2011649 - (CVE-2026-2762) EncodeForRegExpEscape output length size computation can overflow in 32-bit builds
RESOLVED (andrebargull) in Core - JavaScript: Standard Library. Last updated 2026-05-28.
🚨 CVE-2026-2763
Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
🎖@cveNotify
Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
🎖@cveNotify
bugzilla.mozilla.org
Access Denied
You are not authorized to access bug 2012018. To see this bug, you must
first log in to an account with the appropriate permissions.
first log in to an account with the appropriate permissions.
🚨 CVE-2026-2764
JIT miscompilation, use-after-free in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
🎖@cveNotify
JIT miscompilation, use-after-free in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
🎖@cveNotify
bugzilla.mozilla.org
Access Denied
You are not authorized to access bug 2012608. To see this bug, you must
first log in to an account with the appropriate permissions.
first log in to an account with the appropriate permissions.
🚨 CVE-2026-2765
Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
🎖@cveNotify
Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
🎖@cveNotify
bugzilla.mozilla.org
Access Denied
You are not authorized to access bug 2013562. To see this bug, you must
first log in to an account with the appropriate permissions.
first log in to an account with the appropriate permissions.
🚨 CVE-2026-2766
Use-after-free in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
🎖@cveNotify
Use-after-free in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
🎖@cveNotify
bugzilla.mozilla.org
Access Denied
You are not authorized to access bug 2013583. To see this bug, you must
first log in to an account with the appropriate permissions.
first log in to an account with the appropriate permissions.
🚨 CVE-2026-2767
Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
🎖@cveNotify
Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
🎖@cveNotify
bugzilla.mozilla.org
2013741 - (CVE-2026-2767) Missing Pre-Barrier in Baseline `array.fill` Allows Use-After-Free During Incremental GC
RESOLVED (bvisness) in Core - JavaScript: WebAssembly. Last updated 2026-05-28.
🚨 CVE-2026-2769
Use-after-free in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
🎖@cveNotify
Use-after-free in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
🎖@cveNotify
bugzilla.mozilla.org
Access Denied
You are not authorized to access bug 2014550. To see this bug, you must
first log in to an account with the appropriate permissions.
first log in to an account with the appropriate permissions.
🚨 CVE-2026-2770
Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
🎖@cveNotify
Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
🎖@cveNotify
bugzilla.mozilla.org
Access Denied
You are not authorized to access bug 2014585. To see this bug, you must
first log in to an account with the appropriate permissions.
first log in to an account with the appropriate permissions.
🚨 CVE-2026-2771
Undefined behavior in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
🎖@cveNotify
Undefined behavior in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
🎖@cveNotify
bugzilla.mozilla.org
Access Denied
You are not authorized to access bug 2014593. To see this bug, you must
first log in to an account with the appropriate permissions.
first log in to an account with the appropriate permissions.
🚨 CVE-2026-2772
Use-after-free in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
🎖@cveNotify
Use-after-free in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
🎖@cveNotify
bugzilla.mozilla.org
Access Denied
You are not authorized to access bug 2014827. To see this bug, you must
first log in to an account with the appropriate permissions.
first log in to an account with the appropriate permissions.
🚨 CVE-2026-2773
Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
🎖@cveNotify
Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
🎖@cveNotify
bugzilla.mozilla.org
Access Denied
You are not authorized to access bug 2014832. To see this bug, you must
first log in to an account with the appropriate permissions.
first log in to an account with the appropriate permissions.
🚨 CVE-2026-2774
Integer overflow in the Audio/Video component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
🎖@cveNotify
Integer overflow in the Audio/Video component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
🎖@cveNotify
bugzilla.mozilla.org
Access Denied
You are not authorized to access bug 2014883. To see this bug, you must
first log in to an account with the appropriate permissions.
first log in to an account with the appropriate permissions.
🚨 CVE-2026-2775
Mitigation bypass in the DOM: HTML Parser component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
🎖@cveNotify
Mitigation bypass in the DOM: HTML Parser component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
🎖@cveNotify
bugzilla.mozilla.org
Access Denied
You are not authorized to access bug 2015199. To see this bug, you must
first log in to an account with the appropriate permissions.
first log in to an account with the appropriate permissions.
🚨 CVE-2026-2776
Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
🎖@cveNotify
Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
🎖@cveNotify
bugzilla.mozilla.org
2015266 - (CVE-2026-2776) CombinedStacks OOB Write/Read via GetUntrustedModulesData IPC (Windows-only)
RESOLVED (gstoll) in External Software Affecting Firefox - Telemetry. Last updated 2026-05-28.
🚨 CVE-2026-2777
Privilege escalation in the Messaging System component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
🎖@cveNotify
Privilege escalation in the Messaging System component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
🎖@cveNotify
bugzilla.mozilla.org
2015305 - (CVE-2026-2777) Compromised content process installs arbitrary WebExtensions or homepage hijacks (1-click) via About…
RESOLVED (shughes) in Firefox - Messaging System. Last updated 2026-05-28.
🚨 CVE-2026-2778
Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
🎖@cveNotify
Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
🎖@cveNotify
bugzilla.mozilla.org
2016358 - (CVE-2026-2778) StructuredCloneBlob OOB Heap Read via Crafted blobCount
RESOLVED (continuation) in Core - DOM: Core & HTML. Last updated 2026-05-28.
🚨 CVE-2026-2792
Memory safety bugs present in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
🎖@cveNotify
Memory safety bugs present in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
🎖@cveNotify