Find real vulnerabilities before they ship
Vulnerability Database › CVE-2026-2790
Same-origin policy bypass in the Networking: JAR component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
Base Score