CVE-2026-2801
Received
Received - Intake
Boundary Error in Firefox WebAssembly Causes Potential Memory Corruption
Publication date: 2026-02-24
Last updated on: 2026-04-13
Assigner: Mozilla Corporation
Description
Description
Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mozilla | firefox | to 148.0 (exc) |
| mozilla | thunderbird | to 148.0 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-754 | The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product. |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
I don't know
Can you explain this vulnerability to me?
This vulnerability involves incorrect boundary conditions in the JavaScript WebAssembly component of Firefox versions earlier than 148.
How can this vulnerability impact me? :
I don't know
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70