CVE-2026-2799 - Vulnerability Details

- Use-after-free in the DOM: Core & HTML component

Description

Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.

Published: 2026-02-24

Score: 8.8 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

This vulnerability is a use‑after‑free flaw in the DOM: Core & HTML component as identified by CWE‑416. The description implies it may corrupt memory or overwrite data structures when triggered, which could potentially let an attacker execute arbitrary code or crash the application. Based on the description, it is inferred that the likely attack vector involves malicious web content or local scripts that interact with the vulnerable component. The impact includes loss of confidentiality, integrity, and availability for affected users.

Affected Systems

All Mozilla Firefox and Thunderbird releases before version 148 are affected. The issue is fixed starting with Firefox 148 and Thunderbird 148. Users on older versions are at risk if they browse the internet or receive email from untrusted sources.

Risk and Exploitability

The CVSS score of 8.8 indicates a high severity rating. The EPSS score of less than 1% suggests that widespread exploitation is unlikely at present, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that exploitation could be possible through crafted web pages or local applications that trigger the use‑after‑free, potentially leading to code execution or denial of service. Security teams should treat this as a high‑priority issue for affected installations.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Mozilla

Firefox

affected

Version	Status	Constraints
`148`	unaffected	≤ *

Mozilla

Thunderbird

affected

Version	Status	Constraints
`148`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:a:mozilla:firefox:::::-:::*
	cpe:2.3:a:mozilla:thunderbird:::::-:::*

No data.

Vendor Product Confidence Versions

Mozilla

Firefox

100%

Version	Status	Scheme	Platform
`[0,148)`	affected	generic	—

Mozilla

Thunderbird

100%

Version	Status	Scheme	Platform
`[0,148)`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Install the latest Mozilla Firefox 148 or later releases, which include the fix for the use‑after‑free flaw.
Upgrade to Mozilla Thunderbird 148 or later releases to ensure the DOM component is protected.
If an upgrade is temporarily infeasible, restrict browsers to trusted domains or use content‑security policies that prevent the execution of dangerous script contexts until the fix is applied.

Generated by OpenCVE AI on April 15, 2026 at 16:55 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00019.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://bugzilla.mozilla.org/show_bug.cgi?id=2014551
https://nvd.nist.gov/vuln/detail/CVE-2026-2799
https://www.cve.org/CVERecord?id=CVE-2026-2799
https://www.mozilla.org/security/advisories/mfsa2026-13/
https://www.mozilla.org/security/advisories/mfsa2026-13/#CVE-2026-2799
https://www.mozilla.org/security/advisories/mfsa2026-16/
https://www.mozilla.org/security/advisories/mfsa2026-16/#CVE-2026-2799

History

Mon, 13 Apr 2026 14:30:00 +0000

Type	Values Removed	Values Added
Description	Use-after-free in the DOM: Core & HTML component. This vulnerability affects Firefox < 148 and Thunderbird < 148.	Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.

Sat, 28 Feb 2026 00:15:00 +0000

Type	Values Removed	Values Added
References		https://nvd.nist.gov/vuln/detail/CVE-2026-2799 https://www.cve.org/CVERecord?id=CVE-2026-2799 https://www.mozilla.org/security/advisories/mfsa2026-13/#CVE-2026-2799 https://www.mozilla.org/security/advisories/mfsa2026-16/#CVE-2026-2799
Metrics	threat_severity `None`	threat_severity `Important`

Fri, 27 Feb 2026 15:15:00 +0000

Type	Values Removed	Values Added
Metrics	cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}`	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}` cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}`

Wed, 25 Feb 2026 19:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-416
CPEs		cpe:2.3:a:mozilla:firefox:::::-:::* cpe:2.3:a:mozilla:thunderbird:::::-:::*
Metrics		cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

Wed, 25 Feb 2026 12:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Mozilla Mozilla firefox Mozilla thunderbird
Vendors & Products		Mozilla Mozilla firefox Mozilla thunderbird

Tue, 24 Feb 2026 18:00:00 +0000

Type	Values Removed	Values Added
Description	Use-after-free in the DOM: Core & HTML component. This vulnerability affects Firefox < 148.	Use-after-free in the DOM: Core & HTML component. This vulnerability affects Firefox < 148 and Thunderbird < 148.
References		https://www.mozilla.org/security/advisories/mfsa2026-16/

Tue, 24 Feb 2026 14:00:00 +0000

Type	Values Removed	Values Added
Description		Use-after-free in the DOM: Core & HTML component. This vulnerability affects Firefox < 148.
Title		Use-after-free in the DOM: Core & HTML component
References		https://bugzilla.mozilla.org/show_bug.cgi?id=2014551 https://www.mozilla.org/security/advisories/mfsa2026-13/

Subscriptions

Mozilla Firefox Thunderbird

MITRE

Status: PUBLISHED

Assigner: mozilla

Published: 2026-02-24T13:33:28.665Z

Updated: 2026-04-13T13:54:22.045Z

Reserved: 2026-02-19T15:06:49.658Z

Link: CVE-2026-2799

Vulnrichment

Updated: 2026-02-26T20:15:47.526Z

NVD

Status : Modified

Published: 2026-02-24T14:16:28.400

Modified: 2026-04-13T15:17:30.013

Link: CVE-2026-2799

Redhat

Severity : Important

Publid Date: 2026-02-24T13:33:28Z

Links: CVE-2026-2799 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-15T17:15:10Z

Weaknesses

CWE-416

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object