CVE-2026-2779

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 148 Firefox ESR versions prior to 140.8 Thunderbird versions prior to 148 Thunderbird versions prior to 140.8

Description The software contains incorrect boundary conditions within the Networking: JAR component. This issue could potentially allow for unexpected behavior or security implications due to improper handling of data boundaries.

Recommendations Update Firefox to version 148 or later. Update Firefox ESR to version 140.8 or later. Update Thunderbird to version 148 or later. Update Thunderbird to version 140.8 or later.

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

ALSA-2026:3338

ALSA-2026:3339

ALSA-2026:3361

ALSA-2026:3515

ALSA-2026:3516

ALSA-2026:3517

CVE-2026-2779

MGASA-2026-0052

MGASA-2026-0053

OESA-2026-1471

OESA-2026-1472

OESA-2026-1473

OESA-2026-1474

OESA-2026-1539

OESA-2026-1540

OPENSUSE-SU-2026:10242-1

OPENSUSE-SU-2026:10248-1

OPENSUSE-SU-2026:10257-1

OPENSUSE-SU-2026:20365-1

OPENSUSE-SU-2026:20391-1

RHSA-2026:3338

RHSA-2026:3339

RHSA-2026:3361

RHSA-2026:3491

RHSA-2026:3492

RHSA-2026:3493

RHSA-2026:3494

RHSA-2026:3495

RHSA-2026:3496

RHSA-2026:3497

RHSA-2026:3515

RHSA-2026:3516

RHSA-2026:3517

RHSA-2026:3976

RHSA-2026:3978

RHSA-2026:3979

RHSA-2026:3980

RHSA-2026:3981

RHSA-2026:3982

RHSA-2026:3983

RHSA-2026:3984

RHSA-2026:4022

RHSA-2026:4152

RHSA-2026:4260

RHSA-2026:4432

SUSE-SU-2026:0812-1

SUSE-SU-2026:0871-1

SUSE-SU-2026:0880-1

Affected Products

Firefox

Firefox Esr

Thunderbird

CVE-2026-2779

Weakness Enumeration

Related Identifiers

Affected Products

References · 261