VYPR

CWE-416

Use After Free

VariantStableLikelihood: High

Description

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (2,306)

page 4 of 116
  • CVE-2026-4691CriMar 24, 2026
    risk 0.64cvss 9.8epss 0.00

    Use-after-free in the CSS Parsing and Computation component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

  • CVE-2026-2799CriFeb 24, 2026
    risk 0.64cvss 9.8epss 0.00

    Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.

  • CVE-2026-2797CriFeb 24, 2026
    risk 0.64cvss 9.8epss 0.00

    Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.

  • CVE-2026-2795CriFeb 24, 2026
    risk 0.64cvss 9.8epss 0.00

    Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.

  • CVE-2026-2789CriFeb 24, 2026
    risk 0.64cvss 9.8epss 0.00

    Use-after-free in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

  • CVE-2026-2787CriFeb 24, 2026
    risk 0.64cvss 9.8epss 0.00

    Use-after-free in the DOM: Window and Location component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

  • CVE-2026-2786CriFeb 24, 2026
    risk 0.64cvss 9.8epss 0.00

    Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

  • CVE-2026-2772CriFeb 24, 2026
    risk 0.64cvss 9.8epss 0.00

    Use-after-free in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

  • CVE-2026-2770CriFeb 24, 2026
    risk 0.64cvss 9.8epss 0.00

    Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

  • CVE-2026-2767CriFeb 24, 2026
    risk 0.64cvss 9.8epss 0.00

    Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

  • CVE-2026-2766CriFeb 24, 2026
    risk 0.64cvss 9.8epss 0.00

    Use-after-free in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

  • CVE-2026-2765CriFeb 24, 2026
    risk 0.64cvss 9.8epss 0.00

    Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

  • CVE-2026-2764CriFeb 24, 2026
    risk 0.64cvss 9.8epss 0.00

    JIT miscompilation, use-after-free in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

  • CVE-2026-2763CriFeb 24, 2026
    risk 0.64cvss 9.8epss 0.00

    Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

  • CVE-2026-2758CriFeb 24, 2026
    risk 0.64cvss 9.8epss 0.01

    Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

  • CVE-2026-0884CriJan 13, 2026
    risk 0.64cvss 9.8epss 0.00

    Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

  • CVE-2025-14860CriDec 18, 2025
    risk 0.64cvss 9.8epss 0.00

    Use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 146.0.1.

  • CVE-2025-14326CriDec 9, 2025
    risk 0.64cvss 9.8epss 0.00

    Use-after-free in the Audio/Video: GMP component. This vulnerability was fixed in Firefox 146 and Thunderbird 146.

  • CVE-2025-14321CriDec 9, 2025
    risk 0.64cvss 9.8epss 0.01

    Use-after-free in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6.

  • CVE-2025-12380CriOct 28, 2025
    risk 0.64cvss 9.8epss 0.00

    Starting with Firefox 142, it was possible for a compromised child process to trigger a use-after-free in the GPU or browser process using WebGPU-related IPC calls. This may have been usable to escape the child process sandbox. This vulnerability was fixed in Firefox 144.0.2.