Invalid pointer in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
The vulnerability is classified as CWE-824 (Access of Uninitialized Pointer), meaning that the browser engine or email client references a pointer that was not properly initialized during DOM object processing. An improper operation on such a pointer can lead to memory corruption. A network attack vector with no privilege or user interaction requirements indicates that processing malicious content alone (e.g., a web page or HTML message) can trigger the error.
An attacker can gain full control over system confidentiality, integrity, and availability — in practice, this may mean remote execution of arbitrary code (RCE) in the context of a browser or email client process.
Mozilla Firefox should be immediately updated to version 148 and Mozilla Thunderbird to version 148, in which the vulnerability has been fixed. Details are available in the vendor's security advisories: mfsa2026-13 (Firefox) and mfsa2026-16 (Thunderbird).
Mozilla Firefox in versions prior to 148 and Mozilla Thunderbird in versions prior to 148.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HMozilla Firefox
APPMozilla< 148.0Mozilla Thunderbird
APPMozilla< 148.0
Related vulnerabilities
Use-after-free w Animation timelines Firefox/Thunderbird — RCE
An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escap...
Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes ...
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before...
Memory safety bugs present in Firefox 152.0.3. Some of these bugs showed evidence of memory corruption and we ...