Vulnerability-Lookup

alsa-2026:21378

Vulnerability from osv_almalinux

Published

2026-05-27 00:00

Modified

2026-05-29 12:27

Summary

Important: firefox security update

Details

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

Security Fix(es):

firefox: Incorrect boundary conditions in the JavaScript Engine: JIT component (CVE-2026-8388)
firefox: Other issue in the JavaScript Engine component (CVE-2026-8391)
firefox: Sandbox escape in the Profile Backup component (CVE-2026-8401)
firefox: Integer overflow in the Networking: JAR component (CVE-2026-8956)
firefox: Memory safety bugs fixed in Firefox ESR 115.36, Firefox ESR 140.11 and Firefox 151 (CVE-2026-8975)
firefox: Privilege escalation in the DOM: Workers component (CVE-2026-8955)
firefox: Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component (CVE-2026-8968)
firefox: Incorrect boundary conditions, integer overflow in the Audio/Video component (CVE-2026-8954)
firefox: Information disclosure, sandbox escape in the Security: Process Sandboxing component (CVE-2026-8958)
firefox: Incorrect boundary conditions in the Audio/Video: Web Codecs component (CVE-2026-8946)
firefox: Privilege escalation in the Security component (CVE-2026-8970)
firefox: Same-origin policy bypass in the Networking: HTTP component (CVE-2026-8950)
firefox: Memory safety bugs fixed in Firefox ESR 140.11 and Firefox 151 (CVE-2026-8974)
firefox: Sandbox escape due to use-after-free in the Disability Access APIs component (CVE-2026-8953)
firefox: Spoofing issue in the Form Autofill component (CVE-2026-8961)
firefox: Use-after-free in the DOM: Bindings (WebIDL) component (CVE-2026-8947)
firefox: Mitigation bypass in the DOM: Security component (CVE-2026-8962)
firefox: Privilege escalation in the Enterprise Policies component (CVE-2026-8957)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2026:21378	ADVISORY
	https://access.redhat.com/security/cve/CVE-2026-8388	REPORT
	https://access.redhat.com/security/cve/CVE-2026-8391	REPORT
	https://access.redhat.com/security/cve/CVE-2026-8401	REPORT
	https://access.redhat.com/security/cve/CVE-2026-8946	REPORT
	https://access.redhat.com/security/cve/CVE-2026-8947	REPORT
	https://access.redhat.com/security/cve/CVE-2026-8950	REPORT
	https://access.redhat.com/security/cve/CVE-2026-8953	REPORT
	https://access.redhat.com/security/cve/CVE-2026-8954	REPORT
	https://access.redhat.com/security/cve/CVE-2026-8955	REPORT
	https://access.redhat.com/security/cve/CVE-2026-8956	REPORT
	https://access.redhat.com/security/cve/CVE-2026-8957	REPORT
	https://access.redhat.com/security/cve/CVE-2026-8958	REPORT
	https://access.redhat.com/security/cve/CVE-2026-8961	REPORT
	https://access.redhat.com/security/cve/CVE-2026-8962	REPORT
	https://access.redhat.com/security/cve/CVE-2026-8968	REPORT
	https://access.redhat.com/security/cve/CVE-2026-8970	REPORT
	https://access.redhat.com/security/cve/CVE-2026-8974	REPORT
	https://access.redhat.com/security/cve/CVE-2026-8975	REPORT
	https://bugzilla.redhat.com/2476469	REPORT
	https://bugzilla.redhat.com/2476475	REPORT
	https://bugzilla.redhat.com/2476492	REPORT
	https://bugzilla.redhat.com/2479839	REPORT
	https://bugzilla.redhat.com/2479840	REPORT
	https://bugzilla.redhat.com/2479842	REPORT
	https://bugzilla.redhat.com/2479846	REPORT
	https://bugzilla.redhat.com/2479847	REPORT
	https://bugzilla.redhat.com/2479848	REPORT
	https://bugzilla.redhat.com/2479849	REPORT
	https://bugzilla.redhat.com/2479852	REPORT
	https://bugzilla.redhat.com/2479853	REPORT
	https://bugzilla.redhat.com/2479855	REPORT
	https://bugzilla.redhat.com/2479860	REPORT
	https://bugzilla.redhat.com/2479871	REPORT
	https://bugzilla.redhat.com/2479873	REPORT
	https://bugzilla.redhat.com/2479876	REPORT
	https://bugzilla.redhat.com/2479880	REPORT
	https://errata.almalinux.org/9/ALSA-2026-21378.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "firefox"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "140.11.0-1.el9_8.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "firefox-x11"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "140.11.0-1.el9_8.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.  \n\nSecurity Fix(es):  \n\n  * firefox: Incorrect boundary conditions in the JavaScript Engine: JIT component (CVE-2026-8388)\n  * firefox: Other issue in the JavaScript Engine component (CVE-2026-8391)\n  * firefox: Sandbox escape in the Profile Backup component (CVE-2026-8401)\n  * firefox: Integer overflow in the Networking: JAR component (CVE-2026-8956)\n  * firefox: Memory safety bugs fixed in Firefox ESR 115.36, Firefox ESR 140.11 and Firefox 151 (CVE-2026-8975)\n  * firefox: Privilege escalation in the DOM: Workers component (CVE-2026-8955)\n  * firefox: Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component (CVE-2026-8968)\n  * firefox: Incorrect boundary conditions, integer overflow in the Audio/Video component (CVE-2026-8954)\n  * firefox: Information disclosure, sandbox escape in the Security: Process Sandboxing component (CVE-2026-8958)\n  * firefox: Incorrect boundary conditions in the Audio/Video: Web Codecs component (CVE-2026-8946)\n  * firefox: Privilege escalation in the Security component (CVE-2026-8970)\n  * firefox: Same-origin policy bypass in the Networking: HTTP component (CVE-2026-8950)\n  * firefox: Memory safety bugs fixed in Firefox ESR 140.11 and Firefox 151 (CVE-2026-8974)\n  * firefox: Sandbox escape due to use-after-free in the Disability Access APIs component (CVE-2026-8953)\n  * firefox: Spoofing issue in the Form Autofill component (CVE-2026-8961)\n  * firefox: Use-after-free in the DOM: Bindings (WebIDL) component (CVE-2026-8947)\n  * firefox: Mitigation bypass in the DOM: Security component (CVE-2026-8962)\n  * firefox: Privilege escalation in the Enterprise Policies component (CVE-2026-8957)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
  "id": "ALSA-2026:21378",
  "modified": "2026-05-29T12:27:51Z",
  "published": "2026-05-27T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:21378"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-8388"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-8391"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-8401"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-8946"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-8947"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-8950"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-8953"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-8954"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-8955"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-8956"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-8957"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-8958"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-8961"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-8962"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-8968"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-8970"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-8974"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-8975"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2476469"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2476475"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2476492"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2479839"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2479840"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2479842"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2479846"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2479847"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2479848"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2479849"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2479852"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2479853"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2479855"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2479860"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2479871"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2479873"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2479876"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2479880"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/9/ALSA-2026-21378.html"
    }
  ],
  "related": [
    "CVE-2026-8388",
    "CVE-2026-8391",
    "CVE-2026-8401",
    "CVE-2026-8956",
    "CVE-2026-8975",
    "CVE-2026-8955",
    "CVE-2026-8968",
    "CVE-2026-8954",
    "CVE-2026-8958",
    "CVE-2026-8946",
    "CVE-2026-8970",
    "CVE-2026-8950",
    "CVE-2026-8974",
    "CVE-2026-8953",
    "CVE-2026-8961",
    "CVE-2026-8947",
    "CVE-2026-8962",
    "CVE-2026-8957"
  ],
  "summary": "Important: firefox security update"
}

CVE-2026-8388 (GCVE-0-2026-8388)

Vulnerability from cvelistv5 – Published: 2026-05-12 12:36 – Updated: 2026-05-19 17:10

Title

Incorrect boundary conditions in the JavaScript Engine: JIT component

Summary

Incorrect boundary conditions in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11.

Severity

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Assigner

mozilla

References

5 references

URL	Tags
https://bugzilla.mozilla.org/show_bug.cgi?id=2036978
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

2 products

Vendor	Product	Version
Mozilla	Firefox	Unaffected: 115.36 , ≤ 115.* (rpm) Unaffected: 140.11 , ≤ 140.* (rpm) Unaffected: 150.0.3 , ≤ * (rpm)
Mozilla	Thunderbird	Unaffected: 140.11 , ≤ * (rpm)

Credits

ggwhyp

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-8388",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-12T18:28:57.252588Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-119",
                "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-12T18:29:06.860Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "115.*",
              "status": "unaffected",
              "version": "115.36",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.11",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "150.0.3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "140.11",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "ggwhyp"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Incorrect boundary conditions in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11."
            }
          ],
          "value": "Incorrect boundary conditions in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-19T17:10:46.244Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2036978"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-45/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-47/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-48/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-51/"
        }
      ],
      "title": "Incorrect boundary conditions in the JavaScript Engine: JIT component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-8388",
    "datePublished": "2026-05-12T12:36:10.633Z",
    "dateReserved": "2026-05-12T12:36:09.855Z",
    "dateUpdated": "2026-05-19T17:10:46.244Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-8391 (GCVE-0-2026-8391)

Vulnerability from cvelistv5 – Published: 2026-05-12 12:36 – Updated: 2026-05-19 17:10

Title

Other issue in the JavaScript Engine component

Summary

Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11.

Severity

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-20 - Improper Input Validation
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Assigner

mozilla

References

5 references

URL	Tags
https://bugzilla.mozilla.org/show_bug.cgi?id=2038575
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

2 products

Vendor	Product	Version
Mozilla	Firefox	Unaffected: 115.36 , ≤ 115.* (rpm) Unaffected: 140.11 , ≤ 140.* (rpm) Unaffected: 150.0.3 , ≤ * (rpm)
Mozilla	Thunderbird	Unaffected: 140.11 , ≤ * (rpm)

Credits

ggwhyp

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-8391",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-13T15:47:19.047188Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-20",
                "description": "CWE-20 Improper Input Validation",
                "lang": "en",
                "type": "CWE"
              }
            ]
          },
          {
            "descriptions": [
              {
                "cweId": "CWE-79",
                "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          },
          {
            "descriptions": [
              {
                "cweId": "CWE-119",
                "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-13T15:47:30.418Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "115.*",
              "status": "unaffected",
              "version": "115.36",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.11",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "150.0.3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "140.11",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "ggwhyp"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11."
            }
          ],
          "value": "Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-19T17:10:47.079Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2038575"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-45/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-47/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-48/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-51/"
        }
      ],
      "title": "Other issue in the JavaScript Engine component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-8391",
    "datePublished": "2026-05-12T12:36:15.548Z",
    "dateReserved": "2026-05-12T12:36:14.816Z",
    "dateUpdated": "2026-05-19T17:10:47.079Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-8401 (GCVE-0-2026-8401)

Vulnerability from cvelistv5 – Published: 2026-05-12 14:24 – Updated: 2026-05-19 17:10

Title

Sandbox escape in the Profile Backup component

Summary

Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11.

Severity

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-693 - Protection Mechanism Failure

Assigner

mozilla

References

5 references

URL	Tags
https://bugzilla.mozilla.org/show_bug.cgi?id=2038679
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

2 products

Vendor	Product	Version
Mozilla	Firefox	Unaffected: 115.36 , ≤ 115.* (rpm) Unaffected: 140.11 , ≤ 140.* (rpm) Unaffected: 150.0.3 , ≤ * (rpm)
Mozilla	Thunderbird	Unaffected: 140.11 , ≤ * (rpm)

Credits

ggwhyp

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-8401",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-14T16:46:22.547730Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-693",
                "description": "CWE-693 Protection Mechanism Failure",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-14T19:54:10.869Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "115.*",
              "status": "unaffected",
              "version": "115.36",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.11",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "150.0.3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "140.11",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "ggwhyp"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11."
            }
          ],
          "value": "Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-19T17:10:47.433Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2038679"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-45/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-47/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-48/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-51/"
        }
      ],
      "title": "Sandbox escape in the Profile Backup component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-8401",
    "datePublished": "2026-05-12T14:24:33.320Z",
    "dateReserved": "2026-05-12T14:19:41.837Z",
    "dateUpdated": "2026-05-19T17:10:47.433Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-8946 (GCVE-0-2026-8946)

Vulnerability from cvelistv5 – Published: 2026-05-19 12:29 – Updated: 2026-05-19 17:10

Title

Incorrect boundary conditions in the Audio/Video: Web Codecs component

Summary

Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Assigner

mozilla

References

6 references

URL	Tags
https://bugzilla.mozilla.org/show_bug.cgi?id=2029070
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

2 products

Vendor	Product	Version
Mozilla	Firefox	Unaffected: 115.36 , ≤ 115.* (rpm) Unaffected: 140.11 , ≤ 140.* (rpm) Unaffected: 151 , ≤ * (rpm)
Mozilla	Thunderbird	Unaffected: 140.11 , ≤ 140.* (rpm) Unaffected: 151 , ≤ * (rpm)

Credits

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-8946",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-19T14:09:24.484354Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-119",
                "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-19T14:11:28.645Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "115.*",
              "status": "unaffected",
              "version": "115.36",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.11",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "151",
              "versionType": "rpm"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.11",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "151",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "zx"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11."
            }
          ],
          "value": "Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-19T17:10:45.651Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2029070"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-46/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-47/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-48/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-50/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-51/"
        }
      ],
      "title": "Incorrect boundary conditions in the Audio/Video: Web Codecs component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-8946",
    "datePublished": "2026-05-19T12:29:36.254Z",
    "dateReserved": "2026-05-19T12:29:35.532Z",
    "dateUpdated": "2026-05-19T17:10:45.651Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-8947 (GCVE-0-2026-8947)

Vulnerability from cvelistv5 – Published: 2026-05-19 12:29 – Updated: 2026-05-19 17:10

Title

Use-after-free in the DOM: Bindings (WebIDL) component

Summary

Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

Severity

7.3 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE

CWE-416 - Use After Free

Assigner

mozilla

References

6 references

URL	Tags
https://bugzilla.mozilla.org/show_bug.cgi?id=2038439
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

2 products

Vendor	Product	Version
Mozilla	Firefox	Unaffected: 115.36 , ≤ 115.* (rpm) Unaffected: 140.11 , ≤ 140.* (rpm) Unaffected: 151 , ≤ * (rpm)
Mozilla	Thunderbird	Unaffected: 140.11 , ≤ 140.* (rpm) Unaffected: 151 , ≤ * (rpm)

Credits

Satoki Tsuji

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 7.3,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-8947",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-19T14:14:49.904157Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-19T14:15:12.387Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "115.*",
              "status": "unaffected",
              "version": "115.36",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.11",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "151",
              "versionType": "rpm"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.11",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "151",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Satoki Tsuji"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11."
            }
          ],
          "value": "Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-19T17:10:46.663Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2038439"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-46/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-47/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-48/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-50/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-51/"
        }
      ],
      "title": "Use-after-free in the DOM: Bindings (WebIDL) component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-8947",
    "datePublished": "2026-05-19T12:29:37.800Z",
    "dateReserved": "2026-05-19T12:29:37.072Z",
    "dateUpdated": "2026-05-19T17:10:46.663Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-8950 (GCVE-0-2026-8950)

Vulnerability from cvelistv5 – Published: 2026-05-19 12:29 – Updated: 2026-05-19 17:10

Title

Same-origin policy bypass in the Networking: HTTP component

Summary

Same-origin policy bypass in the Networking: HTTP component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

Severity

9.3 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

CWE

CWE-346 - Origin Validation Error

Assigner

mozilla

References

5 references

URL	Tags
https://bugzilla.mozilla.org/show_bug.cgi?id=1965430
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

2 products

Vendor	Product	Version
Mozilla	Firefox	Unaffected: 140.11 , ≤ 140.* (rpm) Unaffected: 151 , ≤ * (rpm)
Mozilla	Thunderbird	Unaffected: 140.11 , ≤ 140.* (rpm) Unaffected: 151 , ≤ * (rpm)

Credits

Jakub Szymsza

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 9.3,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-8950",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-19T15:47:45.885624Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-346",
                "description": "CWE-346 Origin Validation Error",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-19T15:49:32.341Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.11",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "151",
              "versionType": "rpm"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.11",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "151",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Jakub Szymsza"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Same-origin policy bypass in the Networking: HTTP component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11."
            }
          ],
          "value": "Same-origin policy bypass in the Networking: HTTP component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-19T17:10:48.079Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1965430"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-46/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-48/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-50/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-51/"
        }
      ],
      "title": "Same-origin policy bypass in the Networking: HTTP component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-8950",
    "datePublished": "2026-05-19T12:29:42.239Z",
    "dateReserved": "2026-05-19T12:29:41.562Z",
    "dateUpdated": "2026-05-19T17:10:48.079Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-8953 (GCVE-0-2026-8953)

Vulnerability from cvelistv5 – Published: 2026-05-19 12:29 – Updated: 2026-05-19 17:10

Title

Sandbox escape due to use-after-free in the Disability Access APIs component

Summary

Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

Severity

9.6 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CWE

CWE-416 - Use After Free

Assigner

mozilla

References

6 references

URL	Tags
https://bugzilla.mozilla.org/show_bug.cgi?id=2029511
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

2 products

Vendor	Product	Version
Mozilla	Firefox	Unaffected: 115.36 , ≤ 115.* (rpm) Unaffected: 140.11 , ≤ 140.* (rpm) Unaffected: 151 , ≤ * (rpm)
Mozilla	Thunderbird	Unaffected: 140.11 , ≤ 140.* (rpm) Unaffected: 151 , ≤ * (rpm)

Credits

stevej

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.6,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-8953",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-19T16:02:27.035386Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-19T16:03:01.181Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "115.*",
              "status": "unaffected",
              "version": "115.36",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.11",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "151",
              "versionType": "rpm"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.11",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "151",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "stevej"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11."
            }
          ],
          "value": "Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-19T17:10:48.519Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2029511"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-46/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-47/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-48/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-50/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-51/"
        }
      ],
      "title": "Sandbox escape due to use-after-free in the Disability Access APIs component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-8953",
    "datePublished": "2026-05-19T12:29:46.724Z",
    "dateReserved": "2026-05-19T12:29:46.018Z",
    "dateUpdated": "2026-05-19T17:10:48.519Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-8954 (GCVE-0-2026-8954)

Vulnerability from cvelistv5 – Published: 2026-05-19 12:29 – Updated: 2026-05-19 17:10

Title

Incorrect boundary conditions, integer overflow in the Audio/Video component

Summary

Incorrect boundary conditions, integer overflow in the Audio/Video component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Assigner

mozilla

References

5 references

URL	Tags
https://bugzilla.mozilla.org/show_bug.cgi?id=2030747
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

2 products

Vendor	Product	Version
Mozilla	Firefox	Unaffected: 140.11 , ≤ 140.* (rpm) Unaffected: 151 , ≤ * (rpm)
Mozilla	Thunderbird	Unaffected: 140.11 , ≤ 140.* (rpm) Unaffected: 151 , ≤ * (rpm)

Credits

Ameen Basha M K

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-8954",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-19T14:15:45.643476Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-119",
                "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-19T14:16:04.347Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.11",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "151",
              "versionType": "rpm"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.11",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "151",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Ameen Basha M K"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Incorrect boundary conditions, integer overflow in the Audio/Video component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11."
            }
          ],
          "value": "Incorrect boundary conditions, integer overflow in the Audio/Video component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-19T17:10:48.872Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2030747"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-46/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-48/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-50/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-51/"
        }
      ],
      "title": "Incorrect boundary conditions, integer overflow in the Audio/Video component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-8954",
    "datePublished": "2026-05-19T12:29:48.213Z",
    "dateReserved": "2026-05-19T12:29:47.489Z",
    "dateUpdated": "2026-05-19T17:10:48.872Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-8955 (GCVE-0-2026-8955)

Vulnerability from cvelistv5 – Published: 2026-05-19 12:29 – Updated: 2026-05-20 15:37

Title

Privilege escalation in the DOM: Workers component

Summary

Privilege escalation in the DOM: Workers component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

Severity

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-269 - Improper Privilege Management

Assigner

mozilla

References

5 references

URL	Tags
https://bugzilla.mozilla.org/show_bug.cgi?id=2031064
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

2 products

Vendor	Product	Version
Mozilla	Firefox	Unaffected: 140.11 , ≤ 140.* (rpm) Unaffected: 151 , ≤ * (rpm)
Mozilla	Thunderbird	Unaffected: 140.11 , ≤ 140.* (rpm) Unaffected: 151 , ≤ * (rpm)

Credits

lebr0nli

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-8955",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-20T03:55:27.801777Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-269",
                "description": "CWE-269 Improper Privilege Management",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-20T15:37:35.207Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.11",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "151",
              "versionType": "rpm"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.11",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "151",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "lebr0nli"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Privilege escalation in the DOM: Workers component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11."
            }
          ],
          "value": "Privilege escalation in the DOM: Workers component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-19T17:10:49.147Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2031064"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-46/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-48/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-50/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-51/"
        }
      ],
      "title": "Privilege escalation in the DOM: Workers component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-8955",
    "datePublished": "2026-05-19T12:29:49.649Z",
    "dateReserved": "2026-05-19T12:29:48.978Z",
    "dateUpdated": "2026-05-20T15:37:35.207Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-8956 (GCVE-0-2026-8956)

Vulnerability from cvelistv5 – Published: 2026-05-19 12:29 – Updated: 2026-05-19 17:10

Title

Integer overflow in the Networking: JAR component

Summary

Integer overflow in the Networking: JAR component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

Severity

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-190 - Integer Overflow or Wraparound

Assigner

mozilla

References

5 references

URL	Tags
https://bugzilla.mozilla.org/show_bug.cgi?id=2032427
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

2 products

Vendor	Product	Version
Mozilla	Firefox	Unaffected: 140.11 , ≤ 140.* (rpm) Unaffected: 151 , ≤ * (rpm)
Mozilla	Thunderbird	Unaffected: 140.11 , ≤ 140.* (rpm) Unaffected: 151 , ≤ * (rpm)

Credits

Yaqoub Aldurayhim

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-8956",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-19T16:37:45.418477Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-190",
                "description": "CWE-190 Integer Overflow or Wraparound",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-19T16:39:48.181Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.11",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "151",
              "versionType": "rpm"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.11",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "151",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Yaqoub Aldurayhim"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Integer overflow in the Networking: JAR component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11."
            }
          ],
          "value": "Integer overflow in the Networking: JAR component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-19T17:10:49.476Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2032427"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-46/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-48/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-50/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-51/"
        }
      ],
      "title": "Integer overflow in the Networking: JAR component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-8956",
    "datePublished": "2026-05-19T12:29:51.114Z",
    "dateReserved": "2026-05-19T12:29:50.365Z",
    "dateUpdated": "2026-05-19T17:10:49.476Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

alsa-2026:21378

Vulnerability from osv_almalinux

CVE-2026-8388 (GCVE-0-2026-8388)

CVE-2026-8391 (GCVE-0-2026-8391)

CVE-2026-8401 (GCVE-0-2026-8401)

CVE-2026-8946 (GCVE-0-2026-8946)

CVE-2026-8947 (GCVE-0-2026-8947)

CVE-2026-8950 (GCVE-0-2026-8950)

CVE-2026-8953 (GCVE-0-2026-8953)

CVE-2026-8954 (GCVE-0-2026-8954)

CVE-2026-8955 (GCVE-0-2026-8955)

CVE-2026-8956 (GCVE-0-2026-8956)

Tags

Sightings

Nomenclature