Find notable cyber news and cases, enriched with sources, timelines, and signals.

Firefox JIT miscompilation in JavaScript WebAssembly security flaw (CVE-2026-2796)

Vulnerability
First reported
Last updated
Happening score
H score 39
1 unique sources, 1 articles

Summary

Hide ▲

Firefox 148 now addresses CVE-2026-2796, a CVSS 9.8 JIT miscompilation in the JavaScript WebAssembly component, after Anthropic validated the flaw and showed it could be turned into an exploit in testing. The broader finding set includes 22 Firefox vulnerabilities, with 14 high-severity bugs discovered during a two-week effort in January 2026. The disclosure matters because it ties a specific browser weakness to demonstrated exploit development, even though the exploit only worked in a constrained test environment.

Related Happenings

ExploitBench benchmark shows frontier AI models can stage Chrome exploit chains against vulnerable V8 builds

Technical Analysis
H score16 First: 04.06.2026 16:00 Last: 04.06.2026 16:00 Sources 1

About this happening: Bugcrowd’s **ExploitBench** now shows frontier AI models can progress through staged **Google Chrome** exploit chains, raising the risk of faster **AI-assisted exploit development...

Mozilla Firefox 149 adds a built-in VPN privacy control with phased rollout

Security Tool/Service
H score11 First: 24.03.2026 19:23 Last: 24.03.2026 19:23 Sources 1

About this happening: **Mozilla Firefox 149** now includes a **built-in VPN tool** that adds browser-level privacy protection and can help hide a user's **location and IP address** while browsing. The...

CISA KEV multi-product active exploitation wave (CVE-2020-7796)

Exploitation Wave
H score53 First: 18.02.2026 08:52 Last: 18.02.2026 08:52 Sources 1

About this happening: **CISA** expanded its **KEV catalog** with **four actively exploited flaws**, signaling a live exploitation wave across **Chrome, TeamT5 ThreatSonar, Zimbra, and Windows Video Act...

GhostPoster malicious browser extension campaign across Chrome, Firefox, and Edge

Campaign
H score25 First: 17.01.2026 17:23 Last: 17.01.2026 17:23 Sources 1

About this happening: The **GhostPoster** campaign resurfaced with **17 malicious extensions** in **Chrome, Firefox, and Edge**, putting users at risk of **browser monitoring**, **affiliate-link hijack...

Mozilla ends Onerep partnership and retires Monitor Plus

Commercial Activity
H score0 First: 20.11.2025 21:06 Last: 20.11.2025 21:06 Sources 1

About this happening: Mozilla said it will **discontinue Monitor Plus** and end its **Onerep** partnership, removing a Firefox-integrated privacy service used for **data broker site scans** and **perso...

Timeline

  1. 07.03.2026 13:21 2 articles · 4mo ago

    Anthropic discloses Firefox CVE-2026-2796 findings

    Initial Disclosure

    Anthropic and Mozilla disclosed that Claude Opus 4.6 found 22 Firefox vulnerabilities during a January 2026 security effort, including CVE-2026-2796, a CVSS 9.8 just-in-time (JIT) miscompilation in the JavaScript WebAssembly component. Mozilla said the issues were fixed in Firefox 148, while Anthropic said its testing also produced a use-after-free finding in JavaScript and a small number of exploit successes in a stripped-down evaluation environment.

    Show sources