CVE-2026-2771 Undefined behavior in the DOM: Core & HTML component

🗓️ 24 Feb 2026 13:33:08Reported by mozillaType

Undefined behavior in DOM Core and HTML affects Firefox before 148 and ESR before 115.33 and 140.8.

Reporter	Title	Published	Views	Family All 291
ATTACKERKB	CVE-2026-2771	24 Feb 202613:33	–	attackerkb
Tenable Nessus	Amazon Linux 2023 : firefox (ALAS2023-2026-1470)	30 Mar 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2 : thunderbird, --advisory ALAS2-2026-3198 (ALAS-2026-3198)	19 Mar 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2 : firefox, --advisory ALAS2FIREFOX-2026-054 (ALASFIREFOX-2026-054)	19 Mar 202600:00	–	nessus
Tenable Nessus	AlmaLinux 8 : firefox (ALSA-2026:3338)	5 Mar 202600:00	–	nessus
Tenable Nessus	AlmaLinux 9 : firefox (ALSA-2026:3339)	26 Feb 202600:00	–	nessus
Tenable Nessus	AlmaLinux 10 : firefox (ALSA-2026:3361)	26 Feb 202600:00	–	nessus
Tenable Nessus	AlmaLinux 8 : thunderbird (ALSA-2026:3515)	6 Mar 202600:00	–	nessus
Tenable Nessus	AlmaLinux 9 : thunderbird (ALSA-2026:3516)	5 Mar 202600:00	–	nessus
Tenable Nessus	AlmaLinux 10 : thunderbird (ALSA-2026:3517)	6 Mar 202600:00	–	nessus

[
  {
    "product": "Firefox",
    "vendor": "Mozilla",
    "versions": [
      {
        "status": "unaffected",
        "version": "115.33",
        "lessThanOrEqual": "115.*",
        "versionType": "rpm"
      },
      {
        "status": "unaffected",
        "version": "140.8",
        "lessThanOrEqual": "140.*",
        "versionType": "rpm"
      },
      {
        "status": "unaffected",
        "version": "148",
        "lessThanOrEqual": "*",
        "versionType": "rpm"
      }
    ]
  },
  {
    "product": "Thunderbird",
    "vendor": "Mozilla",
    "versions": [
      {
        "status": "unaffected",
        "version": "140.8",
        "lessThanOrEqual": "140.*",
        "versionType": "rpm"
      },
      {
        "status": "unaffected",
        "version": "148",
        "lessThanOrEqual": "*",
        "versionType": "rpm"
      }
    ]
  }
]

Source	Link
mozilla	www.mozilla.org/security/advisories/mfsa2026-16/
bugzilla	www.bugzilla.mozilla.org/show_bug.cgi
mozilla	www.mozilla.org/security/advisories/mfsa2026-17/
mozilla	www.mozilla.org/security/advisories/mfsa2026-13/
mozilla	www.mozilla.org/security/advisories/mfsa2026-15/
mozilla	www.mozilla.org/security/advisories/mfsa2026-14/

13 Apr 2026 13:52Current

EPSS0.00487