CWE-416
Use After Free
Variant, Stable, Likelihood: High
Description
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (1,404)

| CVE | Severity | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-2789 | Cri | 0.64 | 9.8 | 0.00 | Feb 24, 2026 | Use-after-free in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. |
| CVE-2026-2787 | Cri | 0.64 | 9.8 | 0.00 | Feb 24, 2026 | Use-after-free in the DOM: Window and Location component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. |
| CVE-2026-2786 | Cri | 0.64 | 9.8 | 0.00 | Feb 24, 2026 | Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. |
| CVE-2026-2772 | Cri | 0.64 | 9.8 | 0.00 | Feb 24, 2026 | Use-after-free in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. |
| CVE-2026-2770 | Cri | 0.64 | 9.8 | 0.00 | Feb 24, 2026 | Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. |
| CVE-2026-2767 | Cri | 0.64 | 9.8 | 0.00 | Feb 24, 2026 | Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. |
| CVE-2026-2766 | Cri | 0.64 | 9.8 | 0.00 | Feb 24, 2026 | Use-after-free in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. |
| CVE-2026-2765 | Cri | 0.64 | 9.8 | 0.00 | Feb 24, 2026 | Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. |
| CVE-2026-2764 | Cri | 0.64 | 9.8 | 0.00 | Feb 24, 2026 | JIT miscompilation, use-after-free in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. |
| CVE-2026-2763 | Cri | 0.64 | 9.8 | 0.00 | Feb 24, 2026 | Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. |
| CVE-2026-2758 | Cri | 0.64 | 9.8 | 0.00 | Feb 24, 2026 | Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. |
| CVE-2026-0884 | Cri | 0.64 | 9.8 | 0.00 | Jan 13, 2026 | Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7. |
| CVE-2025-14860 | Cri | 0.64 | 9.8 | 0.00 | Dec 18, 2025 | Use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 146.0.1. |
| CVE-2025-14326 | Cri | 0.64 | 9.8 | 0.00 | Dec 9, 2025 | Use-after-free in the Audio/Video: GMP component. This vulnerability was fixed in Firefox 146 and Thunderbird 146. |
| CVE-2025-14321 | Cri | 0.64 | 9.8 | 0.00 | Dec 9, 2025 | Use-after-free in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6. |
| CVE-2025-12380 | Cri | 0.64 | 9.8 | 0.00 | Oct 28, 2025 | Starting with Firefox 142, it was possible for a compromised child process to trigger a use-after-free in the GPU or browser process using WebGPU-related IPC calls. This may have been usable to escape the child process sandbox. This vulnerability was fixed in Firefox 144.0.2. |
| CVE-2025-11719 | Cri | 0.64 | 9.8 | 0.00 | Oct 14, 2025 | Starting in Thunderbird 143, the use of the native messaging API by web extensions on Windows could lead to crashes caused by use-after-free memory corruption. This vulnerability was fixed in Firefox 144 and Thunderbird 144. |
| CVE-2025-11708 | Cri | 0.64 | 9.8 | 0.00 | Oct 14, 2025 | Use-after-free in MediaTrackGraphImpl::GetInstance(). This vulnerability was fixed in Firefox 144, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4. |
| CVE-2025-50518 | Cri | 0.64 | 9.8 | 0.00 | Aug 14, 2025 | A use-after-free vulnerability exists in the coap_delete_pdu_lkd function within coap_pdu.c of the libcoap library. This issue occurs due to improper handling of memory after the freeing of a PDU object, leading to potential memory corruption or the possibility of executing arbitrary code. NOTE: this is disputed by the Supplier because it only occurs when an application uses libcoap incorrectly. |
| CVE-2025-43222 | Cri | 0.64 | 9.8 | 0.00 | Jul 30, 2025 | A use-after-free issue was addressed by removing the vulnerable code. This issue is fixed in iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An attacker may be able to cause unexpected app termination. |