Security Vulnerabilities - CVEs Published In February 2026
JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
CVSS Score
9.8
EPSS Score
0.0
Published
2026-02-24
Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
CVSS Score
9.8
EPSS Score
0.0
Published
2026-02-24
Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
CVSS Score
8.8
EPSS Score
0.0
Published
2026-02-24
Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
CVSS Score
9.8
EPSS Score
0.0
Published
2026-02-24
Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
CVSS Score
9.8
EPSS Score
0.001
Published
2026-02-24
Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
CVSS Score
7.5
EPSS Score
0.001
Published
2026-02-24
Race condition in the JavaScript: GC component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
CVSS Score
4.2
EPSS Score
0.0
Published
2026-02-24
Information disclosure, mitigation bypass in the Settings UI component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
CVSS Score
7.5
EPSS Score
0.001
Published
2026-02-24
Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
CVSS Score
5.4
EPSS Score
0.0
Published
2026-02-24
Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
CVSS Score
9.8
EPSS Score
0.0
Published
2026-02-24