{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24869", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2026-01-27T15:11:51.078Z", "datePublished": "2026-01-27T15:58:48.799Z", "dateUpdated": "2026-04-13T13:53:08.241Z"}, "containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "147.0.2", "lessThanOrEqual": "*", "versionType": "rpm"}]}], "descriptions": [{"lang": "en", "value": "Use-after-free in the Layout: Scrolling and Overflow component. This vulnerability was fixed in Firefox 147.0.2.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Use-after-free in the Layout: Scrolling and Overflow component. This vulnerability was fixed in Firefox 147.0.2."}]}], "title": "Use-after-free in the Layout: Scrolling and Overflow component", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2008698"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-06/"}], "credits": [{"lang": "en", "value": "Hiroyuki Ikezoe"}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T13:53:08.241Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-416", "lang": "en", "description": "CWE-416 Use After Free"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-01-28T04:55:25.391192Z", "id": "CVE-2026-24869", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T21:48:47.132Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-24869", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-28T04:55:25.391192Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416 Use After Free"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-27T16:11:46.924Z"}}], "cna": {"title": "Use-after-free in the Layout: Scrolling and Overflow component", "credits": [{"lang": "en", "value": "Hiroyuki Ikezoe"}], "affected": [{"vendor": "Mozilla", "product": "Firefox", "versions": [{"status": "unaffected", "version": "147.0.2", "versionType": "rpm", "lessThanOrEqual": "*"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2008698"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-06/"}], "descriptions": [{"lang": "en", "value": "Use-after-free in the Layout: Scrolling and Overflow component. This vulnerability was fixed in Firefox 147.0.2.", "supportingMedia": [{"type": "text/html", "value": "Use-after-free in the Layout: Scrolling and Overflow component. This vulnerability was fixed in Firefox 147.0.2.", "base64": false}]}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T13:53:08.241Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24869", "state": "PUBLISHED", "dateUpdated": "2026-04-13T13:53:08.241Z", "dateReserved": "2026-01-27T15:11:51.078Z", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "datePublished": "2026-01-27T15:58:48.799Z", "assignerShortName": "mozilla"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*", "matchCriteriaId": "21090562-C94F-4894-A700-FD3BDEE56713", "versionEndExcluding": "147.0.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Use-after-free in the Layout: Scrolling and Overflow component. This vulnerability was fixed in Firefox 147.0.2."}, {"lang": "es", "value": "Uso despu\u00e9s de liberaci\u00f3n en el componente de Dise\u00f1o: Desplazamiento y Desbordamiento. Esta vulnerabilidad afecta a Firefox < 147.0.2."}], "id": "CVE-2026-24869", "lastModified": "2026-04-13T15:17:19.507", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-01-27T16:16:36.283", "references": [{"source": "security@mozilla.org", "tags": ["Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2008698"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2026-06/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-416"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "firefox: Use-after-free in the Layout: Scrolling and Overflow component", "id": "2433424", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433424"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "draft"}, "details": ["No description is available for this CVE."], "name": "CVE-2026-24869", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "rhel10/firefox-flatpak", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-01-27T15:58:48Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-24869\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-24869\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=2008698\nhttps://www.mozilla.org/security/advisories/mfsa2026-06/"], "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "threat_severity": "Important"}

{"analysis": {"en": {"generated_at": "2026-04-15T15:35:59.295485+00:00", "value": {"mitigation_remediation": ["Upgrade Firefox to version 147.0.2 or later to receive the official patch", "Configure the browser to automatically install updates so that future security fixes are applied promptly", "If an immediate upgrade is not possible, restrict the use of affected content by disabling advanced layout features or employing content filtering until the patch is applied"], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "Mozilla Firefox versions earlier than 147.0.2 are vulnerable. The patch was applied in Firefox 147.0.2, so any build prior to that is at risk. The issue affects all platforms supported by Firefox where the component is enabled.", "description_and_impact": "This vulnerability is a use\u2011after\u2011free flaw in Firefox\u2019s Layout: Scrolling and Overflow component. The flaw can corrupt memory when the component attempts to access a deallocated object, potentially allowing an attacker to execute arbitrary code or crash the browser. The weakness, identified as CWE\u2011416, indicates that improper handling of freed memory can lead to data integrity and confidentiality losses if an attacker can control the content that causes the overflow. The description does not explicitly mention successful exploitation, but typical use\u2011after\u2011free bugs of this type can lead to remote code execution in a privileged browser process.", "risk_and_exploitability": "The CVSS score of 8.8 indicates a high severity. However, the EPSS score is below 1%, suggesting that the likelihood of current exploitation is low and it is not listed in the CISA KEV catalog. Based on the description, it is inferred that the attack vector requires an attacker to deliver or manipulate content in a context that causes the scrolling and overflow layout logic to reuse freed memory \u2013 most likely through a crafted web page or plugin. No publicly disclosed exploits are known, and the vulnerability appears to be in the early stages of exploitation potential."}}}}, "created": "2026-01-28T12:22:37.038551+00:00", "updated": "2026-04-15T18:00:15.534788+00:00", "vendors": ["mozilla", "mozilla$PRODUCT$firefox"]}