Home / Vulnerability Intelligence / CVE-2026-2793

CVE-2026-2793 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: February 25, 2026

Mozilla Firefox & Thunderbird - Remote Code Execution

Published: February 24, 2026Updated: February 25, 2026Remote Exploitable

Overview

Mozilla Firefox < 148, Firefox ESR < 115.33 and < 140.8, and Thunderbird ESR < 140.8 contain memory safety bugs causing memory corruption, letting attackers potentially execute arbitrary code remotely, exploit requires no special privileges.

Severity & Score

Severity: Critical

CVSS Score: 9.8

Impact

Attackers can exploit memory corruption to execute arbitrary code, potentially leading to full system compromise.

Mitigation

Update to Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8 or later.

References

https://bugzilla.mozilla.org/buglist.cgi?bug_id=2015196%2C2016423%2C2016498
https://www.mozilla.org/security/advisories/mfsa2026-13/
https://www.mozilla.org/security/advisories/mfsa2026-14/
https://www.mozilla.org/security/advisories/mfsa2026-15/
https://www.mozilla.org/security/advisories/mfsa2026-16/
https://www.mozilla.org/security/advisories/mfsa2026-17/

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-2793
Severity: Critical
CVSS Score: 9.8
Type: undefined
Status: modified

CWE

CWE-787

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H