CVE-2026-2763

CVE-2026-2763: Use-after-free in the JavaScript Engine component

Published February 24, 2026
Last update April 15, 2026
View on NVD All CVEs

CVSS base score

What the vulnerability does

Description

Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Key dates

Disclosure timeline

February 24, 2026 CVE published
April 15, 2026 Record updated