CVE-2026-2790: firefox: thunderbird: Same-origin policy bypass in the Networking: JAR component

Severity: Critical

CVSS Score: 9.8

Same-origin policy bypass in the Networking: JAR component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.