CVE-2026-2786

critical

Published 2026-02-25 · Modified 2026-03-04

CVSS v3

9.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2

—

VIR risk

9.8

Description

Important: thunderbird security update

Predictions

Exploit likelihood

97%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2026-3516.html

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2026-3339.html

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2026-3515.html

vendor Authored 2026-05-27

Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2026:3515

vendor Authored 2026-05-27

Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2026-3338.html

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2442343

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2442342

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2442337

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2442335

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2442334

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2442333

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2442331

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2442329

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2442328

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2442327

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2442326

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2442325

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2442324

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2442322

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2442320

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2442319

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2442318

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2442316

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2442314

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2442313

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2442312

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2442309

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2442308

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2442307

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2442304

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2442302

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2442300

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2442298

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2442297

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2442295

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2442294

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2442292

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2442291

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2442290

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2442288

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2442287

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2442284

vendor Authored 2026-05-27

Vendor advisory: alma — https://bugzilla.redhat.com/2440219

vendor Authored 2026-05-27

Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2026:3338

vendor Authored 2026-05-27

Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2026:3339

vendor Authored 2026-05-27

Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2026-2786.html

vendor Authored 2026-05-27

Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2026:3516

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2026-2786

vendor Authored 2026-05-27

Vendor advisory: security@mozilla.org — https://www.mozilla.org/security/advisories/mfsa2026-17/

vendor Authored 2026-05-27

Vendor advisory: security@mozilla.org — https://www.mozilla.org/security/advisories/mfsa2026-16/

vendor Authored 2026-05-27

Vendor advisory: security@mozilla.org — https://www.mozilla.org/security/advisories/mfsa2026-15/

vendor Authored 2026-05-27

Vendor advisory: security@mozilla.org — https://www.mozilla.org/security/advisories/mfsa2026-13/

vendor Authored 2026-05-27

Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2026:3516

vendor Authored 2026-05-27

Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2026:3339

vendor Authored 2026-05-27

Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2026:3338

vendor Authored 2026-05-27

Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2026:3515

Mitigation details

Source: Red Hat Errata — Red Hat Inc. · View original ↗ · Open-Errata-API

Description firefox: thunderbird: Use-after-free in the JavaScript Engine component Red Hat statement Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory. CVSS v3: 6.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) Errata / fixed releases ProductPackageAdvisoryReleased Red Hat Enterprise Linux…

Description

firefox: thunderbird: Use-after-free in the JavaScript Engine component

Red Hat statement

Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.

CVSS v3: 6.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Errata / fixed releases

Product	Package	Advisory	Released
Red Hat Enterprise Linux 10	`firefox-0:140.8.0-2.el10_1`	RHSA-2026:3361	2026-02-25T00:00:00Z
Red Hat Enterprise Linux 10	`thunderbird-0:140.8.0-2.el10_1`	RHSA-2026:3517	2026-03-02T00:00:00Z
Red Hat Enterprise Linux 10.0 Extended Update Support	`firefox-0:140.8.0-2.el10_0`	RHSA-2026:3976	2026-03-09T00:00:00Z
Red Hat Enterprise Linux 10.0 Extended Update Support	`thunderbird-0:140.8.0-2.el10_0`	RHSA-2026:4260	2026-03-11T00:00:00Z
Red Hat Enterprise Linux 7 Extended Lifecycle Support	`firefox-0:140.8.0-2.el7_9`	RHSA-2026:3984	2026-03-09T00:00:00Z
Red Hat Enterprise Linux 8	`firefox-0:140.8.0-2.el8_10`	RHSA-2026:3338	2026-02-25T00:00:00Z
Red Hat Enterprise Linux 8	`thunderbird-0:140.8.0-1.el8_10`	RHSA-2026:3515	2026-03-02T00:00:00Z
Red Hat Enterprise Linux 8.2 Advanced Update Support	`firefox-0:140.8.0-2.el8_2`	RHSA-2026:3492	2026-03-02T00:00:00Z
Red Hat Enterprise Linux 8.2 Advanced Update Support	`thunderbird-0:140.8.0-1.el8_2`	RHSA-2026:4432	2026-03-12T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	`firefox-0:140.8.0-2.el8_4`	RHSA-2026:3491	2026-03-02T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	`thunderbird-0:140.8.0-2.el8_4`	RHSA-2026:3980	2026-03-09T00:00:00Z
Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On	`firefox-0:140.8.0-2.el8_4`	RHSA-2026:3491	2026-03-02T00:00:00Z
Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On	`thunderbird-0:140.8.0-2.el8_4`	RHSA-2026:3980	2026-03-09T00:00:00Z
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support	`firefox-0:140.8.0-2.el8_6`	RHSA-2026:3495	2026-03-02T00:00:00Z
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support	`thunderbird-0:140.8.0-1.el8_6`	RHSA-2026:3979	2026-03-09T00:00:00Z
Red Hat Enterprise Linux 8.6 Telecommunications Update Service	`firefox-0:140.8.0-2.el8_6`	RHSA-2026:3495	2026-03-02T00:00:00Z
Red Hat Enterprise Linux 8.6 Telecommunications Update Service	`thunderbird-0:140.8.0-1.el8_6`	RHSA-2026:3979	2026-03-09T00:00:00Z
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions	`firefox-0:140.8.0-2.el8_6`	RHSA-2026:3495	2026-03-02T00:00:00Z
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions	`thunderbird-0:140.8.0-1.el8_6`	RHSA-2026:3979	2026-03-09T00:00:00Z
Red Hat Enterprise Linux 8.8 Telecommunications Update Service	`firefox-0:140.8.0-2.el8_8`	RHSA-2026:3494	2026-03-02T00:00:00Z
Red Hat Enterprise Linux 8.8 Telecommunications Update Service	`thunderbird-0:140.8.0-1.el8_8`	RHSA-2026:4022	2026-03-09T00:00:00Z
Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions	`firefox-0:140.8.0-2.el8_8`	RHSA-2026:3494	2026-03-02T00:00:00Z
Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions	`thunderbird-0:140.8.0-1.el8_8`	RHSA-2026:4022	2026-03-09T00:00:00Z
Red Hat Enterprise Linux 9	`firefox-0:140.8.0-2.el9_7`	RHSA-2026:3339	2026-02-25T00:00:00Z
Red Hat Enterprise Linux 9	`thunderbird-0:140.8.0-1.el9_7`	RHSA-2026:3516	2026-03-02T00:00:00Z
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions	`firefox-0:140.8.0-2.el9_0`	RHSA-2026:3493	2026-03-02T00:00:00Z
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions	`thunderbird-0:140.8.0-1.el9_0`	RHSA-2026:3983	2026-03-09T00:00:00Z
Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions	`thunderbird-0:140.8.0-1.el9_2`	RHSA-2026:3978	2026-03-09T00:00:00Z
Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions	`firefox-0:140.8.0-2.el9_2`	RHSA-2026:4152	2026-03-10T00:00:00Z
Red Hat Enterprise Linux 9.4 Extended Update Support	`firefox-0:140.8.0-2.el9_4`	RHSA-2026:3496	2026-03-02T00:00:00Z
Red Hat Enterprise Linux 9.4 Extended Update Support	`thunderbird-0:140.8.0-1.el9_4`	RHSA-2026:3981	2026-03-09T00:00:00Z
Red Hat Enterprise Linux 9.6 Extended Update Support	`firefox-0:140.8.0-2.el9_6`	RHSA-2026:3497	2026-03-02T00:00:00Z
Red Hat Enterprise Linux 9.6 Extended Update Support	`thunderbird-0:140.8.0-1.el9_6`	RHSA-2026:3982	2026-03-09T00:00:00Z

Package state

Product	Package	State
Red Hat Enterprise Linux 10	`rhel10/firefox-flatpak`	Affected
Red Hat Enterprise Linux 10	`rhel10/thunderbird-flatpak`	Affected
Red Hat Enterprise Linux 6	`firefox`	Out of support scope
Red Hat Enterprise Linux 6	`thunderbird`	Out of support scope
Red Hat Enterprise Linux 7	`thunderbird`	Out of support scope

Apply commands

bash fix

Apply RHSA-2026:3361 for Red Hat Enterprise Linux 10

yum update -y firefox
# or:
dnf upgrade -y firefox

Affected

Vendor	Product	Version
redhat	Red Hat Enterprise Linux 10	`Affected`
redhat	Red Hat Enterprise Linux 10	`Affected`

OS impact

OS	Version	Status	Fixed in
rocky	8	fixed
rhel	9	fixed
debian	sid	fixed	`148.0-1`
debian	bookworm	fixed	`140.8.0esr-1~deb12u1`
debian	bullseye	fixed	`140.8.0esr-1~deb11u1`
debian	forky	fixed	`140.8.0esr-1`
debian	trixie	fixed	`140.8.0esr-1~deb13u1`
rocky	9	fixed
sles		affected
almalinux	8	fixed	`firefox-140.8.0-2.el8_10.alma.1.x86_64.rpm`
almalinux	9	fixed	`firefox-x11-140.8.0-2.el9_7.alma.1.x86_64.rpm`

Application impact

Vendor	Product	Versions	Fixed
mozilla	firefox	`{"endExcluding":"140.8.0"}`	`140.8.0`
mozilla	thunderbird	`{"endExcluding":"140.8.0"}`	`140.8.0`

References

CWEs

CWE-416

Verify integrity in audit chain (admin only). AS-IS.