CVE-2026-2764 - Vulnerability Analysis

Overview

Firefox < 148, Firefox ESR < 115.33, and Firefox ESR < 140.8 contain a use-after-free vulnerability caused by JIT miscompilation in the JavaScript Engine's JIT component, letting attackers execute arbitrary code, exploit requires crafted JavaScript execution.

Severity & Score

Impact

Attackers can execute arbitrary code remotely via crafted JavaScript, potentially leading to full system compromise.

Mitigation

Update to Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8 or later.

References

• https://bugzilla.mozilla.org/show_bug.cgi?id=2012608
• https://www.mozilla.org/security/advisories/mfsa2026-13/
• https://www.mozilla.org/security/advisories/mfsa2026-14/
• https://www.mozilla.org/security/advisories/mfsa2026-15/
• https://www.mozilla.org/security/advisories/mfsa2026-16/
• https://www.mozilla.org/security/advisories/mfsa2026-17/

Related Resources

• Vulnerability Intelligence Dashboard
• Credential Scanner