Voozh

Vulnerabilities

CVE-2026-2771 Detail

Modified After Enrichment

This CVE record has been updated after NVD enrichment efforts were completed. Enrichment data supplied by the NVD may require amendment due to these changes.

Current Description

Undefined behavior in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

View Analysis Description

Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:

👁 NIST CVSS score

NIST: NVD

NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL	Source(s)	Tag(s)
https://access.redhat.com/errata/RHSA-2026:3338	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:3339	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:3361	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:3491	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:3492	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:3493	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:3494	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:3495	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:3496	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:3497	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:3515	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:3516	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:3517	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:3976	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:3978	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:3979	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:3980	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:3981	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:3982	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:3983	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:3984	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:4022	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:4152	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:4260	redhat-SADP
https://access.redhat.com/errata/RHSA-2026:4432	redhat-SADP
https://access.redhat.com/security/cve/CVE-2026-2771	redhat-SADP
https://bugzilla.mozilla.org/show_bug.cgi?id=2014593	Mozilla Corporation	Issue Tracking Permissions Required
https://bugzilla.redhat.com/show_bug.cgi?id=2442288	redhat-SADP
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2771.json	redhat-SADP
https://www.mozilla.org/security/advisories/mfsa2026-13/	Mozilla Corporation	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2026-14/	Mozilla Corporation	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2026-15/	Mozilla Corporation	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2026-16/	Mozilla Corporation	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2026-17/	Mozilla Corporation	Vendor Advisory

Weakness Enumeration

CWE-ID	CWE Name	Source
NVD-CWE-noinfo	Insufficient Information	👁 cwe source acceptance level NIST
CWE-125	Out-of-bounds Read	CISA-ADP

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

8 change records found show changes

CVE Modified by redhat-SADP 6/29/2026 11:18:18 PM

Action	Type	Old Value
Added	CVSS V3.1	AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Added	Reference	https://access.redhat.com/errata/RHSA-2026:3338
Added	Reference	https://access.redhat.com/errata/RHSA-2026:3339
Added	Reference	https://access.redhat.com/errata/RHSA-2026:3361
Added	Reference	https://access.redhat.com/errata/RHSA-2026:3491
Added	Reference	https://access.redhat.com/errata/RHSA-2026:3492
Added	Reference	https://access.redhat.com/errata/RHSA-2026:3493
Added	Reference	https://access.redhat.com/errata/RHSA-2026:3494
Added	Reference	https://access.redhat.com/errata/RHSA-2026:3495
Added	Reference	https://access.redhat.com/errata/RHSA-2026:3496
Added	Reference	https://access.redhat.com/errata/RHSA-2026:3497
Added	Reference	https://access.redhat.com/errata/RHSA-2026:3515
Added	Reference	https://access.redhat.com/errata/RHSA-2026:3516
Added	Reference	https://access.redhat.com/errata/RHSA-2026:3517
Added	Reference	https://access.redhat.com/errata/RHSA-2026:3976
Added	Reference	https://access.redhat.com/errata/RHSA-2026:3978
Added	Reference	https://access.redhat.com/errata/RHSA-2026:3979
Added	Reference	https://access.redhat.com/errata/RHSA-2026:3980
Added	Reference	https://access.redhat.com/errata/RHSA-2026:3981
Added	Reference	https://access.redhat.com/errata/RHSA-2026:3982
Added	Reference	https://access.redhat.com/errata/RHSA-2026:3983
Added	Reference	https://access.redhat.com/errata/RHSA-2026:3984
Added	Reference	https://access.redhat.com/errata/RHSA-2026:4022
Added	Reference	https://access.redhat.com/errata/RHSA-2026:4152
Added	Reference	https://access.redhat.com/errata/RHSA-2026:4260
Added	Reference	https://access.redhat.com/errata/RHSA-2026:4432
Added	Reference	https://access.redhat.com/security/cve/CVE-2026-2771
Added	Reference	https://bugzilla.redhat.com/show_bug.cgi?id=2442288
Added	Reference	https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2771.json
Added	Affected	Record truncated, showing 2048 of 3052 characters. View Entire Change Record [{"vendor":"Red Hat","product":"Red Hat Enterprise Linux Server (v. 7 ELS)","defaultStatus":"affected","cpes":["cpe:/o:redhat:rhel_els:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS (v. 10.0)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux_eus:10.0"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 10)","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10.1"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream (v. 8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:enterprise_linux:8::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream AUS (v. 8.2)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_aus:8.2::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream AUS (v.8.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_aus:8.4::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream AUS (v.8.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_aus:8.6::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream E4S (v.8.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:8.6::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream TUS (v.8.6)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_tus:8.6::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream E4S (v.8.8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:8.8::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream TUS (v.8.8)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_tus:8.8::appstream"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux AppStream E4S (v.9.0)","defaultStatus":"affected","cpes":["cpe:/a:redhat:rhel_e4s:9.0::appstream"]},{"vendor":"Red H

Quick Info

CVE Dictionary Entry:
CVE-2026-2771
NVD Published Date:
02/24/2026
NVD Last Modified:
06/29/2026
Source:
Mozilla Corporation

URL: https://nvd.nist.gov/vuln/detail/CVE-2026-2771

⇱ NVD - CVE-2026-2771

CVE-2026-2771 Detail

Current Description

Analysis Description

Metrics

References to Advisories, Solutions, and Tools

Weakness Enumeration

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Change History

CVE Modified by redhat-SADP 6/29/2026 11:18:18 PM

CVE Modified by CISA-ADP 6/17/2026 6:31:42 AM

CVE Modified by Mozilla Corporation 6/17/2026 6:31:42 AM

CVE Modified by Mozilla Corporation 4/13/2026 11:17:23 AM

CVE Modified by CISA-ADP 3/11/2026 12:16:41 PM

Initial Analysis by NIST 2/25/2026 11:39:30 AM

CVE Modified by Mozilla Corporation 2/24/2026 1:29:35 PM

New CVE Received from Mozilla Corporation 2/24/2026 9:16:25 AM

Quick Info