CVE-2026-2794

Information disclosure due to uninitialized memory in Firefox and Firefox Focus for Android. This vulnerability affects Firefox < 148.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=2008365	Permissions Required
https://www.mozilla.org/security/advisories/mfsa2026-13/	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*

History

25 Feb 2026, 19:18

Type	Values Removed	Values Added
CWE		CWE-908
CPE		cpe:2.3:a:mozilla:firefox:::::-:::*
First Time		Mozilla Mozilla firefox
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
References	~~() https://bugzilla.mozilla.org/show_bug.cgi?id=2008365 -~~	() https://bugzilla.mozilla.org/show_bug.cgi?id=2008365 - Permissions Required
References	~~() https://www.mozilla.org/security/advisories/mfsa2026-13/ -~~	() https://www.mozilla.org/security/advisories/mfsa2026-13/ - Vendor Advisory

24 Feb 2026, 14:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-24 14:16

Updated : 2026-02-26 21:28

NVD link : CVE-2026-2794

Mitre link : CVE-2026-2794

CVE.ORG link : CVE-2026-2794

JSON object : View

Products Affected

mozilla

firefox

CWE

CWE-908

Use of Uninitialized Resource

7.5 /10