CVE-2026-0885

CVE-2026-0885: Use-after-free in the JavaScript: GC component

Published January 13, 2026
Last update April 13, 2026
View on NVD All CVEs

CVSS base score

What the vulnerability does

Description

Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

Key dates

Disclosure timeline

January 13, 2026 CVE published
April 13, 2026 Record updated