PT-2026-2647 · Mozilla+3 · Firefox Esr+4

Irvan Kurniawan

·

Published

2026-01-13

·

Updated

2026-03-18

·

CVE-2026-0885

CVSS v3.1

6.5

Medium

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 147 Firefox ESR versions prior to 140.7
Description A use-after-free issue exists in the JavaScript: GC component. This condition may lead to unexpected behavior or potentially allow for arbitrary code execution.
Recommendations Update Firefox to version 147 or later. Update Firefox ESR to version 140.7 or later.

Fix

Use After Free

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2026:0667
ALSA-2026:0694
ALSA-2026:0924
ALSA-2026:2220
ALSA-2026:2271
ALSA-2026:2286
BDU:2026-06697
CVE-2026-0885
MGASA-2026-0013
MGASA-2026-0014
OESA-2026-1085
OESA-2026-1086
OESA-2026-1087
OESA-2026-1088
OESA-2026-1089
OESA-2026-1090
OESA-2026-1264
OESA-2026-1285
OPENSUSE-SU-2026:10037-1
OPENSUSE-SU-2026:10046-1
OPENSUSE-SU-2026:10058-1
OPENSUSE-SU-2026:20041-1
OPENSUSE-SU-2026:20391-1
RHSA-2026:0667
RHSA-2026:0694
RHSA-2026:0924
RHSA-2026:1320
RHSA-2026:1413
RHSA-2026:1414
RHSA-2026:1415
RHSA-2026:1461
RHSA-2026:1462
RHSA-2026:1471
RHSA-2026:1487
RHSA-2026:2041
RHSA-2026:2043
RHSA-2026:2044
RHSA-2026:2047
RHSA-2026:2069
RHSA-2026:2070
RHSA-2026:2073
RHSA-2026:2074
RHSA-2026:2220
RHSA-2026:2231
RHSA-2026:2271
RHSA-2026:2286
SUSE-SU-2026:0122-1
SUSE-SU-2026:0153-1
SUSE-SU-2026:0260-1
SUSE-SU-2026:20086-1
USN-7991-1

Affected Products

Firefox
Firefox Esr
Linuxmint
Rocky Linux
Ubuntu