CVE-2026-0884

CVE-2026-0884: Use-after-free in the JavaScript Engine component

Published January 13, 2026
Last update April 13, 2026
View on NVD All CVEs

CVSS base score

What the vulnerability does

Description

Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

Key dates

Disclosure timeline

January 13, 2026 CVE published
April 13, 2026 Record updated