Mozilla · Firefox · CVE-2026-2784
**Name of the Vulnerable Software and Affected Versions**
Firefox versions prior to 148
Firefox ESR versions prior to 140.8
Thunderbird versions prior to 148
Thunderbird versions prior to 140.8
**Description**
A mitigation bypass exists in the DOM within the Security component. This issue impacts Firefox and Thunderbird.
**Recommendations**
Update Firefox to version 148 or later.
Update Firefox ESR to version 140.8 or later.
Update Thunderbird to version 148 or later.
Update Thunderbird to version 140.8 or later.