Cyber Resilience

CVE-2026-2779

Critical

Published: 24 February 2026

Published
24 February 2026
Modified
13 April 2026
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0060 44.6th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2026-2779 is a critical-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Mozilla Firefox. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 44.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-2779 is a vulnerability involving incorrect boundary conditions in the Networking: JAR component of Mozilla Firefox and Thunderbird. It affects versions prior to Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8, and is associated with CWE-119 (likely a buffer overflow due to improper bounds checking), as indicated by NVD-CWE-noinfo. The issue carries a CVSS v3.1 base score of 9.8, reflecting its critical severity.

An unauthenticated attacker can exploit this vulnerability remotely over the network with low complexity and no user interaction required. Successful exploitation enables high-impact compromise, including unauthorized access to sensitive data (confidentiality), modification of system state (integrity), and disruption of services (availability).

Mozilla security advisories (MFSA 2026-13, 15, 16, and 17) and the associated Bugzilla entry detail the patch, recommending immediate updates to Firefox 148, Firefox ESR 140.8, Thunderbird 148, or Thunderbird 140.8 to mitigate the issue.

EU & UK References

Vulnerability details

Incorrect boundary conditions in the Networking: JAR component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

Remote buffer overflow (CWE-119) in client-side Networking:JAR component of Firefox/Thunderbird enables arbitrary code execution with no user interaction, directly mapping to T1203 Exploitation for Client Execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-8035Same product: Mozilla Firefox
CVE-2026-0892Same product: Mozilla Firefox
CVE-2025-9184Same product: Mozilla Firefox
CVE-2025-9179Same product: Mozilla Firefox
CVE-2026-7324Same product: Mozilla Firefox
CVE-2026-8954Same product: Mozilla Firefox
CVE-2026-8974Same product: Mozilla Firefox
CVE-2025-9185Same product: Mozilla Firefox
CVE-2026-4710Same product: Mozilla Firefox
CVE-2026-0891Same product: Mozilla Firefox

Affected Assets

mozilla
firefox
≤ 140.8.0 · ≤ 148.0
mozilla
thunderbird
≤ 140.8.0 · ≤ 148.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Mandates timely identification, reporting, and correction of software flaws like the buffer overflow in Firefox/Thunderbird's Networking JAR component via vendor patches such as Firefox 148.

prevent

Implements memory safeguards like address space layout randomization and data execution prevention to block unauthorized code execution from buffer overflow exploits in the JAR component.

detect

Provides vulnerability scanning to identify systems running vulnerable versions of Firefox or Thunderbird affected by the JAR boundary condition flaw.

References