CVE-2026-2797

CVE-2026-2797: Use-after-free in the JavaScript: GC component

Published February 24, 2026
Last update April 13, 2026
View on NVD All CVEs

CVSS base score

What the vulnerability does

Description

Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.

Key dates

Disclosure timeline

February 24, 2026 CVE published
April 13, 2026 Record updated