CVE-2026-3847 - Vulnerability Details - OpenCVE

Memory safety bugs present in Firefox 148.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 148.0.2.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

No data.

No data.

No data.

References

Link	Providers
https://bugzilla.mozilla.org/buglist.cgi?bug_id=2017513%2C2017622%2C2019341
https://www.mozilla.org/security/advisories/mfsa2026-19/

History

Tue, 10 Mar 2026 16:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-119 CWE-416
Metrics		cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 10 Mar 2026 15:15:00 +0000

Type	Values Removed	Values Added
Description		Memory safety bugs present in Firefox 148.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 148.0.2.
Title		Memory safety bugs fixed in Firefox 148.0.2
References		https://bugzilla.mozilla.org/buglist.cgi?bug_id=2017513%2C2017622%2C2019341 https://www.mozilla.org/security/advisories/mfsa2026-19/

MITRE

Status: PUBLISHED

Assigner: mozilla

Published: 2026-03-10T15:03:51.113Z

Updated: 2026-03-10T15:42:43.632Z

Reserved: 2026-03-09T19:33:24.537Z

Link: CVE-2026-3847

Vulnrichment

Updated: 2026-03-10T15:40:30.695Z

NVD

No data.

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3847", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2026-03-09T19:33:24.537Z", "datePublished": "2026-03-10T15:03:51.113Z", "dateUpdated": "2026-03-10T15:42:43.632Z"}, "containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"lessThan": "148.0.2", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Memory safety bugs present in Firefox 148.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 148.0.2.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Memory safety bugs present in Firefox 148.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 148.0.2."}]}], "title": "Memory safety bugs fixed in Firefox 148.0.2", "references": [{"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=2017513%2C2017622%2C2019341", "name": "Memory safety bugs fixed in Firefox 148.0.2"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-19/"}], "credits": [{"lang": "en", "value": "Jon Coppeard and the Mozilla Fuzzing Team"}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-03-10T15:03:51.113Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-416", "lang": "en", "description": "CWE-416 Use After Free"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-10T15:42:40.655735Z", "id": "CVE-2026-3847", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-10T15:42:43.632Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-3847", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-10T15:42:40.655735Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416 Use After Free"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-10T15:40:30.695Z"}}], "cna": {"title": "Memory safety bugs fixed in Firefox 148.0.2", "credits": [{"lang": "en", "value": "Jon Coppeard and the Mozilla Fuzzing Team"}], "affected": [{"vendor": "Mozilla", "product": "Firefox", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "148.0.2", "versionType": "custom"}]}], "references": [{"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=2017513%2C2017622%2C2019341", "name": "Memory safety bugs fixed in Firefox 148.0.2"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-19/"}], "descriptions": [{"lang": "en", "value": "Memory safety bugs present in Firefox 148.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 148.0.2.", "supportingMedia": [{"type": "text/html", "value": "Memory safety bugs present in Firefox 148.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 148.0.2.", "base64": false}]}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-03-10T15:03:51.113Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3847", "state": "PUBLISHED", "dateUpdated": "2026-03-10T15:42:43.632Z", "dateReserved": "2026-03-09T19:33:24.537Z", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "datePublished": "2026-03-10T15:03:51.113Z", "assignerShortName": "mozilla"}, "dataVersion": "5.2"}