VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-6fsa-bnes-tkff

Essentials
Severities (37)
References (39)
Severity details (16)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-6fsa-bnes-tkff
Aliases	CVE-2026-2765
Summary	Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
Status	Published
Exploitability	0.5
Weighted Severity	8.8
Risk	4.4
Affected and Fixed Packages	Package Details

Weaknesses (0)

There are no known CWE.

System	Score	Found at
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2765.json
epss	0.00023	https://api.first.org/data/v1/epss?cve=CVE-2026-2765
epss	0.00023	https://api.first.org/data/v1/epss?cve=CVE-2026-2765
epss	0.00023	https://api.first.org/data/v1/epss?cve=CVE-2026-2765
epss	0.00023	https://api.first.org/data/v1/epss?cve=CVE-2026-2765
epss	0.00023	https://api.first.org/data/v1/epss?cve=CVE-2026-2765
epss	0.00023	https://api.first.org/data/v1/epss?cve=CVE-2026-2765
epss	0.00023	https://api.first.org/data/v1/epss?cve=CVE-2026-2765
epss	0.00023	https://api.first.org/data/v1/epss?cve=CVE-2026-2765
epss	0.00023	https://api.first.org/data/v1/epss?cve=CVE-2026-2765
epss	0.00023	https://api.first.org/data/v1/epss?cve=CVE-2026-2765
epss	0.00023	https://api.first.org/data/v1/epss?cve=CVE-2026-2765
epss	0.00023	https://api.first.org/data/v1/epss?cve=CVE-2026-2765
epss	0.00023	https://api.first.org/data/v1/epss?cve=CVE-2026-2765
epss	0.00023	https://api.first.org/data/v1/epss?cve=CVE-2026-2765
epss	0.00024	https://api.first.org/data/v1/epss?cve=CVE-2026-2765
epss	0.00024	https://api.first.org/data/v1/epss?cve=CVE-2026-2765
epss	0.00024	https://api.first.org/data/v1/epss?cve=CVE-2026-2765
epss	0.00024	https://api.first.org/data/v1/epss?cve=CVE-2026-2765
epss	0.00024	https://api.first.org/data/v1/epss?cve=CVE-2026-2765
epss	0.00024	https://api.first.org/data/v1/epss?cve=CVE-2026-2765
epss	0.00024	https://api.first.org/data/v1/epss?cve=CVE-2026-2765
cvssv3.1	9.8	https://bugzilla.mozilla.org/show_bug.cgi?id=2013562
ssvc	Track	https://bugzilla.mozilla.org/show_bug.cgi?id=2013562
cvssv3.1	8.8	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2026-13
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2026-15
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2026-16
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2026-17
cvssv3.1	9.8	https://www.mozilla.org/security/advisories/mfsa2026-13/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2026-13/
cvssv3.1	9.8	https://www.mozilla.org/security/advisories/mfsa2026-15/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2026-15/
cvssv3.1	9.8	https://www.mozilla.org/security/advisories/mfsa2026-16/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2026-16/
cvssv3.1	9.8	https://www.mozilla.org/security/advisories/mfsa2026-17/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2026-17/

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2765.json
		https://api.first.org/data/v1/epss?cve=CVE-2026-2765
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2765
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2442333		https://bugzilla.redhat.com/show_bug.cgi?id=2442333
mfsa2026-13		https://www.mozilla.org/en-US/security/advisories/mfsa2026-13
mfsa2026-13		https://www.mozilla.org/security/advisories/mfsa2026-13/
mfsa2026-15		https://www.mozilla.org/en-US/security/advisories/mfsa2026-15
mfsa2026-15		https://www.mozilla.org/security/advisories/mfsa2026-15/
mfsa2026-16		https://www.mozilla.org/en-US/security/advisories/mfsa2026-16
mfsa2026-16		https://www.mozilla.org/security/advisories/mfsa2026-16/
mfsa2026-17		https://www.mozilla.org/en-US/security/advisories/mfsa2026-17
mfsa2026-17		https://www.mozilla.org/security/advisories/mfsa2026-17/
RHSA-2026:3338		https://access.redhat.com/errata/RHSA-2026:3338
RHSA-2026:3339		https://access.redhat.com/errata/RHSA-2026:3339
RHSA-2026:3361		https://access.redhat.com/errata/RHSA-2026:3361
RHSA-2026:3491		https://access.redhat.com/errata/RHSA-2026:3491
RHSA-2026:3492		https://access.redhat.com/errata/RHSA-2026:3492
RHSA-2026:3493		https://access.redhat.com/errata/RHSA-2026:3493
RHSA-2026:3494		https://access.redhat.com/errata/RHSA-2026:3494
RHSA-2026:3495		https://access.redhat.com/errata/RHSA-2026:3495
RHSA-2026:3496		https://access.redhat.com/errata/RHSA-2026:3496
RHSA-2026:3497		https://access.redhat.com/errata/RHSA-2026:3497
RHSA-2026:3515		https://access.redhat.com/errata/RHSA-2026:3515
RHSA-2026:3516		https://access.redhat.com/errata/RHSA-2026:3516
RHSA-2026:3517		https://access.redhat.com/errata/RHSA-2026:3517
RHSA-2026:3976		https://access.redhat.com/errata/RHSA-2026:3976
RHSA-2026:3978		https://access.redhat.com/errata/RHSA-2026:3978
RHSA-2026:3979		https://access.redhat.com/errata/RHSA-2026:3979
RHSA-2026:3980		https://access.redhat.com/errata/RHSA-2026:3980
RHSA-2026:3981		https://access.redhat.com/errata/RHSA-2026:3981
RHSA-2026:3982		https://access.redhat.com/errata/RHSA-2026:3982
RHSA-2026:3983		https://access.redhat.com/errata/RHSA-2026:3983
RHSA-2026:3984		https://access.redhat.com/errata/RHSA-2026:3984
RHSA-2026:4022		https://access.redhat.com/errata/RHSA-2026:4022
RHSA-2026:4152		https://access.redhat.com/errata/RHSA-2026:4152
RHSA-2026:4260		https://access.redhat.com/errata/RHSA-2026:4260
RHSA-2026:4432		https://access.redhat.com/errata/RHSA-2026:4432
show_bug.cgi?id=2013562		https://bugzilla.mozilla.org/show_bug.cgi?id=2013562

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2765.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://bugzilla.mozilla.org/show_bug.cgi?id=2013562

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:30:09Z/ Found at https://bugzilla.mozilla.org/show_bug.cgi?id=2013562

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2026-13/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:30:09Z/ Found at https://www.mozilla.org/security/advisories/mfsa2026-13/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2026-15/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:30:09Z/ Found at https://www.mozilla.org/security/advisories/mfsa2026-15/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2026-16/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:30:09Z/ Found at https://www.mozilla.org/security/advisories/mfsa2026-16/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2026-17/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-28T02:30:09Z/ Found at https://www.mozilla.org/security/advisories/mfsa2026-17/

Exploit Prediction Scoring System (EPSS)

Percentile	0.06107
EPSS Score	0.00023
Published At	April 2, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T13:16:34.562532+00:00	Mozilla Importer	Import	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2026/mfsa2026-15.yml	38.0.0