CVE-2026-2796

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 148 Thunderbird versions prior to 148

Description A JIT miscompilation issue exists in the JavaScript: WebAssembly component. JIT (Just-In-Time) compilation is a method used by browsers to improve execution speed by compiling code during runtime. This flaw can lead to a sequence of failures including use-after-free, type confusion, memory leak, and arbitrary read/write, potentially resulting in remote code execution.

Recommendations Update Firefox to version 148 or later. Update Thunderbird to version 148 or later.