Description
Memory safety bugs present in Firefox 148.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 148.0.2.
Published: 2026-03-10
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary Code Execution
Action: Immediate Patch
AI Analysis

Impact

Memory safety bugs in Mozilla Firefox allowed malicious content to corrupt memory, potentially enabling an attacker to execute arbitrary code. The flaws fall under CWE‑119 and CWE‑416, indicating buffer overflows and use‑after‑free conditions. The official assessment suggests that a skilled attacker could exploit these weaknesses to gain full control over the vulnerable instance.

Affected Systems

Mozilla Firefox versions prior to 148.0.2 are vulnerable. The issue has been fixed in Firefox 148.0.2, so any installation older than that release is at risk. Current users of the 148.0.2 or later releases are not affected.

Risk and Exploitability

The CVSS score of 8.8 highlights a high severity, with almost no exploitation probability reported in EPSS (<1%). The vulnerability is not listed in the CISA KEV catalog, indicating no publicly known active exploits yet. Attackers would most likely target users via crafted web content or malicious extensions that trigger the memory corruptions, as the bug operates in the rendering engine and extension handling pathways.

Generated by OpenCVE AI on April 15, 2026 at 15:09 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Mozilla Firefox to version 148.0.2 or later.
  • Enable automatic updates to receive future security patches promptly.
  • Restrict or review installed extensions and disable any that are not trusted, reducing the attack surface while waiting for the update.

Generated by OpenCVE AI on April 15, 2026 at 15:09 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 13 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
Description Memory safety bugs present in Firefox 148.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 148.0.2. Memory safety bugs present in Firefox 148.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 148.0.2.

Wed, 11 Mar 2026 16:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*

Wed, 11 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla
Mozilla firefox
Vendors & Products Mozilla
Mozilla firefox

Tue, 10 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119
CWE-416
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 10 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Description Memory safety bugs present in Firefox 148.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 148.0.2.
Title Memory safety bugs fixed in Firefox 148.0.2
References

Subscriptions

Mozilla Firefox
cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2026-04-13T13:54:06.636Z

Reserved: 2026-03-09T19:33:24.537Z

Link: CVE-2026-3847

cve-icon Vulnrichment

Updated: 2026-03-10T15:40:30.695Z

cve-icon NVD

Status : Modified

Published: 2026-03-10T18:19:05.837

Modified: 2026-04-13T15:17:35.143

Link: CVE-2026-3847

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-15T17:00:07Z

Weaknesses