Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.CreditsEvyatar Ben Asher, Keane Lucas, Nicholas Carlini, Newton Cheng, Daniel Freeman, Alex Gaynor, and Joel Weinberger using Claude from AnthropicReferenceshttps://bugzilla.mozilla.org/show_bug.cgi?id=2013561https://www.mozilla.org/security/advisories/mfsa2026-13/https://www.mozilla.org/security/advisories/mfsa2026-16/