Mozilla Products Remote Code Execution Vulnerability

Release Date: 20 Feb 2026

RISK: Medium Risk

TYPE: Clients - Browsers

A vulnerability was identified in Mozilla Products. A remote attacker could exploit this vulnerability to trigger denial of service condition and remote code execution on the targeted system.

---

Impact

• Denial of Service
• Remote Code Execution

---

System / Technologies affected

Versions prior to:

 

• Firefox 147.0.4
• Firefox ESR 115.32.1
• Firefox ESR 140.7.1
• Thunderbird 140.7.2
• Thunderbird 147.0.2

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:

 

• Firefox 147.0.4
• Firefox ESR 115.32.1
• Firefox ESR 140.7.1
• Thunderbird 140.7.2
• Thunderbird 147.0.2

---

Vulnerability Identifier

• CVE-2026-2447

---

Source

• Mozilla

---

Related Link

• https://www.mozilla.org/en-US/security/advisories/mfsa2026-10/
• https://www.mozilla.org/en-US/security/advisories/mfsa2026-11/