Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Firefox JIT miscompilation in JavaScript WebAssembly security flaw (CVE-2026-2796)

Vulnerability
First reported
Last updated
Happening score
H score 27
1 unique sources, 1 articles

Summary

Hide ▲

Firefox 148 now addresses CVE-2026-2796, a CVSS 9.8 JIT miscompilation in the JavaScript WebAssembly component, after Anthropic validated the flaw and showed it could be turned into an exploit in testing. The broader finding set includes 22 Firefox vulnerabilities, with 14 high-severity bugs discovered during a two-week effort in January 2026. The disclosure matters because it ties a specific browser weakness to demonstrated exploit development, even though the exploit only worked in a constrained test environment.

Related Happenings

Mozilla Firefox 149 adds a built-in VPN privacy control with phased rollout

Security Tool/Service
First: 24.03.2026 19:23 Last: 24.03.2026 19:23 Sources 1

About this happening: **Mozilla Firefox 149** now includes a **built-in VPN tool** that adds browser-level privacy protection and can help hide a user's **location and IP address** while browsing. The...

Open Happening

CISA KEV multi-product active exploitation wave (CVE-2020-7796)

Exploitation Wave
First: 18.02.2026 08:52 Last: 18.02.2026 08:52 Sources 1

About this happening: **CISA** expanded its **KEV catalog** with **four actively exploited flaws**, signaling a live exploitation wave across **Chrome, TeamT5 ThreatSonar, Zimbra, and Windows Video Act...

Open Happening

GhostPoster malicious browser extension campaign across Chrome, Firefox, and Edge

Campaign
First: 17.01.2026 17:23 Last: 17.01.2026 17:23 Sources 1

About this happening: The **GhostPoster** campaign resurfaced with **17 malicious extensions** in **Chrome, Firefox, and Edge**, putting users at risk of **browser monitoring**, **affiliate-link hijack...

Open Happening

Mozilla ends Onerep partnership and retires Monitor Plus

Commercial Activity
First: 20.11.2025 21:06 Last: 20.11.2025 21:06 Sources 1

About this happening: Mozilla said it will **discontinue Monitor Plus** and end its **Onerep** partnership, removing a Firefox-integrated privacy service used for **data broker site scans** and **perso...

Open Happening

Firefox 145 adds anti-fingerprinting defenses

Security Tool/Service
First: 11.11.2025 00:25 Last: 11.11.2025 00:25 Sources 1

About this happening: Mozilla’s **Firefox 145** adds stronger **anti-fingerprinting** defenses, reducing exposure to **persistent cross-site tracking**. The protections start in **Private Browsing Mode...

Open Happening

Timeline

  1. 07.03.2026 13:21 2 articles · 2mo ago

    Anthropic discloses Firefox CVE-2026-2796 findings

    Initial Disclosure

    Anthropic and Mozilla disclosed that Claude Opus 4.6 found 22 Firefox vulnerabilities during a January 2026 security effort, including CVE-2026-2796, a CVSS 9.8 just-in-time (JIT) miscompilation in the JavaScript WebAssembly component. Mozilla said the issues were fixed in Firefox 148, while Anthropic said its testing also produced a use-after-free finding in JavaScript and a small number of exploit successes in a stripped-down evaluation environment.

    Show sources
    Open in new tab