CVE-2026-2790: firefox: thunderbird: Same-origin policy bypass in the Networking: JAR component

Severity: Critical

CVSS Score: 9.8

Same-origin policy bypass in the Networking: JAR component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.