PT-2026-21725 · Mozilla · Firefox+3

Andrew Mccreight

Published

2026-01-01

Updated

2026-03-18

CVE-2026-2792

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 148 Firefox ESR versions prior to 140.8 Thunderbird versions prior to 148 Thunderbird ESR versions prior to 140.8

Description The software contains memory safety bugs that exhibit evidence of memory corruption. It is presumed that, with sufficient effort, these bugs could be exploited to execute arbitrary code.

Recommendations Update Firefox to version 148 or later. Update Firefox ESR to version 140.8 or later. Update Thunderbird to version 148 or later. Update Thunderbird ESR to version 140.8 or later.

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALSA-2026:3338

ALSA-2026:3339

ALSA-2026:3361

ALSA-2026:3515

ALSA-2026:3516

ALSA-2026:3517

CVE-2026-2792

MGASA-2026-0052

MGASA-2026-0053

OESA-2026-1471

OESA-2026-1472

OESA-2026-1473

OESA-2026-1474

OESA-2026-1539

OESA-2026-1540

OPENSUSE-SU-2026:10242-1

OPENSUSE-SU-2026:10248-1

OPENSUSE-SU-2026:10257-1

OPENSUSE-SU-2026:20365-1

OPENSUSE-SU-2026:20391-1

RHSA-2026:3338

RHSA-2026:3339

RHSA-2026:3361

RHSA-2026:3491

RHSA-2026:3492

RHSA-2026:3493

RHSA-2026:3494

RHSA-2026:3495

RHSA-2026:3496

RHSA-2026:3497

RHSA-2026:3515

RHSA-2026:3516

RHSA-2026:3517

RHSA-2026:3976

RHSA-2026:3978

RHSA-2026:3979

RHSA-2026:3980

RHSA-2026:3981

RHSA-2026:3982

RHSA-2026:3983

RHSA-2026:3984

RHSA-2026:4022

RHSA-2026:4152

RHSA-2026:4260

RHSA-2026:4432

SUSE-SU-2026:0812-1

SUSE-SU-2026:0871-1

SUSE-SU-2026:0880-1

Affected Products

Firefox

Firefox Esr

Thunderbird

Thunderbird Esr

PT-2026-21725 · Mozilla · Firefox+3

CVE-2026-2792

Weakness Enumeration

Related Identifiers

Affected Products

References · 261