CVE-2026-2792

critical

Description

Memory safety bugs present in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

References

https://www.mozilla.org/security/advisories/mfsa2026-17/

https://www.mozilla.org/security/advisories/mfsa2026-16/

https://www.mozilla.org/security/advisories/mfsa2026-15/

https://www.mozilla.org/security/advisories/mfsa2026-13/

https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2792.json

https://bugzilla.redhat.com/show_bug.cgi?id=2442318

https://bugzilla.mozilla.org/buglist.cgi?bug_id=2008912%2C2010050%2C2010275%2C2012331

https://access.redhat.com/security/cve/CVE-2026-2792

https://access.redhat.com/errata/RHSA-2026:4432

https://access.redhat.com/errata/RHSA-2026:4260

https://access.redhat.com/errata/RHSA-2026:4152

https://access.redhat.com/errata/RHSA-2026:4022

https://access.redhat.com/errata/RHSA-2026:3984

https://access.redhat.com/errata/RHSA-2026:3983

https://access.redhat.com/errata/RHSA-2026:3982

https://access.redhat.com/errata/RHSA-2026:3981

https://access.redhat.com/errata/RHSA-2026:3980

https://access.redhat.com/errata/RHSA-2026:3979

https://access.redhat.com/errata/RHSA-2026:3978

https://access.redhat.com/errata/RHSA-2026:3976

https://access.redhat.com/errata/RHSA-2026:3517

https://access.redhat.com/errata/RHSA-2026:3516

https://access.redhat.com/errata/RHSA-2026:3515

https://access.redhat.com/errata/RHSA-2026:3497

https://access.redhat.com/errata/RHSA-2026:3496

https://access.redhat.com/errata/RHSA-2026:3495

https://access.redhat.com/errata/RHSA-2026:3494

https://access.redhat.com/errata/RHSA-2026:3493

https://access.redhat.com/errata/RHSA-2026:3492

https://access.redhat.com/errata/RHSA-2026:3491

https://access.redhat.com/errata/RHSA-2026:3361

https://access.redhat.com/errata/RHSA-2026:3339

https://access.redhat.com/errata/RHSA-2026:3338

Details

Source: Mitre, NVD

Published: 2026-02-24

Updated: 2026-07-15

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00018