7.5
CVE-2026-2794
- EPSS 0.25%
- Veröffentlicht 24.02.2026 13:33:25
- Zuletzt bearbeitet 30.06.2026 03:18:20
- Quelle security@mozilla.org
- CVE-Watchlists
- Unerledigt
Information disclosure due to uninitialized memory in Firefox and Firefox Focus for Android
Information disclosure due to uninitialized memory in Firefox and Firefox Focus for Android. This vulnerability was fixed in Firefox 148.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.25% | 0.165 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
|
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | 7.5 | 1.6 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-908 Use of Uninitialized Resource
The product uses or accesses a resource that has not been initialized.
https://www.mozilla.org/security/advisories/mfsa2026-13/
https://bugzilla.mozilla.org/show_bug.cgi?id=2008365
https://access.redhat.com/security/cve/CVE-2026-2794
https://bugzilla.redhat.com/show_bug.cgi?id=2442286
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2794.json