CVE-2026-2785: Access of Uninitialized Pointer in Mozilla Firefox

Severity
9.8 CRITICAL (NVD)
EPSS
0.0%
top 85.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Feb 24

Description

Invalid pointer in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (3 packages)

NVD mozilla/firefox < 140.8.0 +1
NVD mozilla/thunderbird < 140.8.0 +1
Debian mozilla/thunderbird < 1:140.8.0esr-1~deb11u1 +3

🔴 Vulnerability Details (3)

OSV
CVE-2026-2785: Invalid pointer in the JavaScript Engine component (2026-02-24)
CVEList
Invalid pointer in the JavaScript Engine component (2026-02-24)
GHSA
GHSA-3px2-2xc4-mxr2: Invalid pointer in the JavaScript Engine component (2026-02-24)

📋 Vendor Advisories (6)

Red Hat
firefox: thunderbird: Invalid pointer in the JavaScript Engine component (2026-02-24)
Debian
CVE-2026-2785: firefox - Invalid pointer in the JavaScript Engine component. This vulnerability affects F... 2026
Mozilla
Mozilla Foundation Security Advisory 2026-16: CVE-2026-2785
Mozilla
Mozilla Foundation Security Advisory 2026-13: CVE-2026-2785
Mozilla
Mozilla Foundation Security Advisory 2026-17: CVE-2026-2785

🕵️ Threat Intelligence (1)

Wiz
CVE-2026-2785 Impact, Exploitability, and Mitigation Steps | Wiz

💬 Community (1)

Bugzilla
CVE-2026-2785 firefox: thunderbird: Invalid pointer in the JavaScript Engine component (2026-02-24)

CVE-2026-2785 — Access of Uninitialized Pointer | cvebase