CVE-2026-2801

Received Received - Intake

Boundary Error in Firefox WebAssembly Causes Potential Memory Corruption

Publication date: 2026-02-24

Last updated on: 2026-04-13

Assigner: Mozilla Corporation

Description

Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-02-24

Last Modified

2026-04-13

Generated

2026-06-16

AI Q&A

2026-02-24

EPSS Evaluated

2026-06-14

NVD

CVE-2026-2801

EUVD

EUVD-2026-8455

Affected Vendors & Products

Vendor	Product	Version / Range
mozilla	firefox	to 148.0 (exc)
mozilla	thunderbird	to 148.0 (exc)

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-754	The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

Attack-Flow Graph

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Executive Summary

This vulnerability involves incorrect boundary conditions in the JavaScript WebAssembly component of Firefox versions earlier than 148.

Impact Analysis

I don't know

Hi! I’m here to help you understand CVE-2026-2801. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70

CVE-2026-2801

Boundary Error in Firefox WebAssembly Causes Potential Memory Corruption

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

AI Quick Actions

Chat Assistant

EPSS Chart