CVE-2026-2791: Vulnerability in Mozilla Firefox
Mitigation bypass in the Networking: Cache component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
AI Analysis
Technical Summary
CVE-2026-2791 is a mitigation bypass vulnerability affecting the Networking: Cache component in Mozilla Firefox. This flaw could allow an attacker to circumvent security mitigations, potentially leading to compromise of confidentiality, integrity, and availability. The vulnerability was fixed in Firefox 148 and Firefox ESR 140.8. The CVSS v3.1 base score is 9.8, reflecting network attack vector, low attack complexity, no privileges or user interaction required, and high impact on all security objectives. The vendor advisory confirms the fix is available and recommends upgrading to the specified versions.
Potential Impact
The vulnerability allows bypassing of mitigation controls in the Networking: Cache component, which could lead to full compromise of the affected system's confidentiality, integrity, and availability. Given the critical CVSS score of 9.8, successful exploitation could enable remote attackers to execute arbitrary code or cause denial of service without any user interaction or privileges. However, no active exploitation in the wild has been reported at this time.
Mitigation Recommendations
Mozilla has released official fixes for this vulnerability in Firefox 148 and Firefox ESR 140.8. Users and administrators should update their Firefox installations to these versions or later to remediate the issue. No additional mitigation steps are required beyond applying the official patches.
CVE-2026-2791: Vulnerability in Mozilla Firefox
Description
Mitigation bypass in the Networking: Cache component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-2791 is a mitigation bypass vulnerability affecting the Networking: Cache component in Mozilla Firefox. This flaw could allow an attacker to circumvent security mitigations, potentially leading to compromise of confidentiality, integrity, and availability. The vulnerability was fixed in Firefox 148 and Firefox ESR 140.8. The CVSS v3.1 base score is 9.8, reflecting network attack vector, low attack complexity, no privileges or user interaction required, and high impact on all security objectives. The vendor advisory confirms the fix is available and recommends upgrading to the specified versions.
Potential Impact
The vulnerability allows bypassing of mitigation controls in the Networking: Cache component, which could lead to full compromise of the affected system's confidentiality, integrity, and availability. Given the critical CVSS score of 9.8, successful exploitation could enable remote attackers to execute arbitrary code or cause denial of service without any user interaction or privileges. However, no active exploitation in the wild has been reported at this time.
Mitigation Recommendations
Mozilla has released official fixes for this vulnerability in Firefox 148 and Firefox ESR 140.8. Users and administrators should update their Firefox installations to these versions or later to remediate the issue. No additional mitigation steps are required beyond applying the official patches.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- mozilla
- Date Reserved
- 2026-02-19T15:06:35.590Z
- Cvss Version
- null
- State
- PUBLISHED
- Vendor Advisory Urls
- [{"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","vendor":"Mozilla"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","vendor":"Mozilla"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","vendor":"Mozilla"},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","vendor":"Mozilla"}]
Threat ID: 699daf70be58cf853bdde22f
Added to database: 2/24/2026, 2:02:24 PM
Last enriched: 4/22/2026, 6:10:13 AM
Last updated: 5/25/2026, 1:34:03 AM
Views: 388
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.