CVE-2026-2783
HIGHFirefox <148 & ESR <140.8 - Info Disclosure
Title source: llmDescription
Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
References (5)
Scores
CVSS v3
7.5
EPSS
0.0004
EPSS Percentile
10.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Classification
CWE
CWE-843
CWE-200
Status
published
Affected Products (4)
mozilla/firefox
< 140.8.0
mozilla/firefox
< 148.0
mozilla/thunderbird
< 140.8.0
mozilla/thunderbird
< 148.0
Timeline
Published
Feb 24, 2026
Tracked Since
Feb 24, 2026