CVE-2026-2792

firefox: Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148

ecosystem: redhat:6, redhat:7, redhat:8, redhat:9, redhat:10

Memory safety bugs present in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.

References
severity: Important

type: vendor

source: secalert@redhat.com

CVSS3.1
7.5 HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

AV: Network
AC: High
PR: None
UI: Required
S: Not Changed
C: High
I: High
A: High

source: secalert@redhat.com

published: 2026-02-24 13:33:22

modified: 2026-02-25 20:38:49

Detection

redhat:10
CVE-2026-2792

redhat-vex

OR

fixed

rpm

firefox

package type: binary

Architectures

  • aarch64
  • ppc64le
  • s390x
  • x86_64

Affected version range

  • less than

    0:140.8.0-2.el10_1

  • fixed

    0:140.8.0-2.el10_1

type: version
fixed

rpm

firefox-debuginfo

package type: binary

Architectures

  • aarch64
  • ppc64le
  • s390x
  • x86_64

Affected version range

  • less than

    0:140.8.0-2.el10_1

  • fixed

    0:140.8.0-2.el10_1

type: version
fixed

rpm

firefox-debugsource

package type: binary

Architectures

  • aarch64
  • ppc64le
  • s390x
  • x86_64

Affected version range

  • less than

    0:140.8.0-2.el10_1

  • fixed

    0:140.8.0-2.el10_1

type: version

tag: rhel-10:16bcc3a6-5a22-b622-cf87-064b57bee1d5

OR

unfixed: Affected

thunderbird

package type: binary

type: version
unfixed: Affected

firefox-flatpak

package type: source

type: version
unfixed: Affected

thunderbird

package type: source

type: version
unfixed: Affected

thunderbird-flatpak

package type: source

type: version

tag: rhel-10:cb7f04b5-59ae-f6f1-6502-0a9539bcaffa

redhat:6
CVE-2026-2792

redhat-vex

OR

unfixed: Out of support scope

firefox

package type: binary

type: version
unfixed: Out of support scope

thunderbird

package type: binary

type: version
unfixed: Out of support scope

firefox

package type: source

type: version
unfixed: Out of support scope

thunderbird

package type: source

type: version

tag: rhel-6-els:82b8edcc-c5a9-5065-0b25-841d8b399123

OR

unfixed: Out of support scope

firefox

package type: binary

type: version
unfixed: Out of support scope

thunderbird

package type: binary

type: version
unfixed: Out of support scope

firefox

package type: source

type: version
unfixed: Out of support scope

thunderbird

package type: source

type: version

tag: rhel-6-extras-including-unpatched:82b8edcc-c5a9-5065-0b25-841d8b399123

OR

unfixed: Out of support scope

firefox

package type: binary

type: version
unfixed: Out of support scope

thunderbird

package type: binary

type: version
unfixed: Out of support scope

firefox

package type: source

type: version
unfixed: Out of support scope

thunderbird

package type: source

type: version

tag: rhel-6-including-unpatched:82b8edcc-c5a9-5065-0b25-841d8b399123

OR

unfixed: Out of support scope

firefox

package type: binary

type: version
unfixed: Out of support scope

thunderbird

package type: binary

type: version
unfixed: Out of support scope

firefox

package type: source

type: version
unfixed: Out of support scope

thunderbird

package type: source

type: version

tag: rhel-6-supplementary:82b8edcc-c5a9-5065-0b25-841d8b399123

redhat:7
CVE-2026-2792

redhat-vex

OR

unfixed: Out of support scope

thunderbird

package type: binary

type: version
unfixed: Out of support scope

thunderbird

package type: source

type: version

tag: rhel-7-extras-including-unpatched:b6825ae6-1d24-991f-7aa3-bded480b64fe

OR

unfixed: Affected

firefox

package type: binary

type: version
unfixed: Affected

firefox

package type: source

type: version

tag: rhel-7-extras-including-unpatched:c2bb3a4b-f1b6-4b36-c63f-75c4a98af7f2

OR

unfixed: Out of support scope

thunderbird

package type: binary

type: version
unfixed: Out of support scope

thunderbird

package type: source

type: version

tag: rhel-7-including-unpatched:b6825ae6-1d24-991f-7aa3-bded480b64fe

OR

unfixed: Affected

firefox

package type: binary

type: version
unfixed: Affected

firefox

package type: source

type: version

tag: rhel-7-including-unpatched:c2bb3a4b-f1b6-4b36-c63f-75c4a98af7f2

OR

unfixed: Out of support scope

thunderbird

package type: binary

type: version
unfixed: Out of support scope

thunderbird

package type: source

type: version

tag: rhel-7-supplementary:b6825ae6-1d24-991f-7aa3-bded480b64fe

OR

unfixed: Affected

firefox

package type: binary

type: version
unfixed: Affected

firefox

package type: source

type: version

tag: rhel-7-supplementary:c2bb3a4b-f1b6-4b36-c63f-75c4a98af7f2

redhat:8
CVE-2026-2792

redhat-vex

OR

fixed

rpm

firefox

package type: binary

Architectures

  • aarch64
  • ppc64le
  • s390x
  • x86_64

Affected version range

  • less than

    0:140.8.0-2.el8_10

  • fixed

    0:140.8.0-2.el8_10

type: version
fixed

rpm

firefox-debuginfo

package type: binary

Architectures

  • aarch64
  • ppc64le
  • s390x
  • x86_64

Affected version range

  • less than

    0:140.8.0-2.el8_10

  • fixed

    0:140.8.0-2.el8_10

type: version
fixed

rpm

firefox-debugsource

package type: binary

Architectures

  • aarch64
  • ppc64le
  • s390x
  • x86_64

Affected version range

  • less than

    0:140.8.0-2.el8_10

  • fixed

    0:140.8.0-2.el8_10

type: version

tag: rhel-8-including-unpatched:1d45e2f7-4fbb-a042-712f-9549ce006dad

OR

unfixed: Affected

thunderbird

package type: binary

type: version
unfixed: Affected

thunderbird

package type: source

type: version

tag: rhel-8-including-unpatched:3e594312-3af6-db55-2384-6f56555cab09

redhat:9
CVE-2026-2792

redhat-vex

OR

fixed

rpm

firefox

package type: binary

Architectures

  • aarch64
  • ppc64le
  • s390x
  • x86_64

Affected version range

  • less than

    0:140.8.0-2.el9_7

  • fixed

    0:140.8.0-2.el9_7

type: version
fixed

rpm

firefox-debuginfo

package type: binary

Architectures

  • aarch64
  • ppc64le
  • s390x
  • x86_64

Affected version range

  • less than

    0:140.8.0-2.el9_7

  • fixed

    0:140.8.0-2.el9_7

type: version
fixed

rpm

firefox-debugsource

package type: binary

Architectures

  • aarch64
  • ppc64le
  • s390x
  • x86_64

Affected version range

  • less than

    0:140.8.0-2.el9_7

  • fixed

    0:140.8.0-2.el9_7

type: version
fixed

rpm

firefox-x11

package type: binary

Architectures

  • aarch64
  • ppc64le
  • s390x
  • x86_64

Affected version range

  • less than

    0:140.8.0-2.el9_7

  • fixed

    0:140.8.0-2.el9_7

type: version

tag: rhel-9-including-unpatched:5b7fadb5-44a3-c000-0b6b-54bcbbe45b62

OR

unfixed: Affected

thunderbird

package type: binary

type: version
unfixed: Affected

thunderbird

package type: source

type: version

tag: rhel-9-including-unpatched:aa2bd99f-5547-f6d7-6eb2-f48047b0201c

Data Sources

  • RedHat Enterprise Linux CSAF VEX

    redhat-vex
