Security Vulnerabilities
Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
CVSS Score
9.8
EPSS Score
0.001
Published
2026-02-24
Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
CVSS Score
7.5
EPSS Score
0.001
Published
2026-02-24
Race condition in the JavaScript: GC component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
CVSS Score
4.2
EPSS Score
0.0
Published
2026-02-24
Information disclosure, mitigation bypass in the Settings UI component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
CVSS Score
7.5
EPSS Score
0.001
Published
2026-02-24
Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
CVSS Score
5.4
EPSS Score
0.0
Published
2026-02-24
Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
CVSS Score
9.8
EPSS Score
0.0
Published
2026-02-24
Use-after-free in the DOM: Window and Location component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
CVSS Score
9.8
EPSS Score
0.0
Published
2026-02-24
Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
CVSS Score
9.8
EPSS Score
0.0
Published
2026-02-24
Use-after-free in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
CVSS Score
9.8
EPSS Score
0.0
Published
2026-02-24
Same-origin policy bypass in the Networking: JAR component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
CVSS Score
9.8
EPSS Score
0.0
Published
2026-02-24