PT-2026-21704 · Mozilla+2 · Firefox+4

Michele Spagnuolo

+1

·

Published

2026-01-01

·

Updated

2026-04-17

·

CVE-2026-2771

CVSS v2.0

10

Critical

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 148 Firefox ESR versions prior to 115.33 Firefox ESR versions prior to 140.8 Thunderbird versions prior to 148 Thunderbird versions prior to 140.8
Description An undefined behavior issue exists within the DOM: Core & HTML component. This can lead to unpredictable program behavior and potentially compromise system integrity.
Recommendations Update Firefox to version 148 or later. Update Firefox ESR to version 115.33 or later. Update Firefox ESR to version 140.8 or later. Update Thunderbird to version 148 or later. Update Thunderbird to version 140.8 or later.

Fix

DoS

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALSA-2026:3338
ALSA-2026:3339
ALSA-2026:3361
ALSA-2026:3515
ALSA-2026:3516
ALSA-2026:3517
BDU:2026-07228
CVE-2026-2771
MGASA-2026-0052
MGASA-2026-0053
OESA-2026-1471
OESA-2026-1472
OESA-2026-1473
OESA-2026-1474
OESA-2026-1539
OESA-2026-1540
OPENSUSE-SU-2026:10242-1
OPENSUSE-SU-2026:10248-1
OPENSUSE-SU-2026:10257-1
OPENSUSE-SU-2026:20365-1
OPENSUSE-SU-2026:20391-1
RHSA-2026:3338
RHSA-2026:3339
RHSA-2026:3361
RHSA-2026:3491
RHSA-2026:3492
RHSA-2026:3493
RHSA-2026:3494
RHSA-2026:3495
RHSA-2026:3496
RHSA-2026:3497
RHSA-2026:3515
RHSA-2026:3516
RHSA-2026:3517
RHSA-2026:3976
RHSA-2026:3978
RHSA-2026:3979
RHSA-2026:3980
RHSA-2026:3981
RHSA-2026:3982
RHSA-2026:3983
RHSA-2026:3984
RHSA-2026:4022
RHSA-2026:4152
RHSA-2026:4260
RHSA-2026:4432
SUSE-SU-2026:0812-1
SUSE-SU-2026:0871-1
SUSE-SU-2026:0880-1

Affected Products

Firefox
Firefox Esr
Red Os
Rocky Linux
Thunderbird