Action not permitted
Modal body text goes here.
Modal Title
Modal Body
alsa-2026:21381
Vulnerability from osv_almalinux
Published
2026-05-27 00:00
Modified
2026-05-29 09:48
Summary
Important: thunderbird security update
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
Security Fix(es):
- firefox: Incorrect boundary conditions in the JavaScript Engine: JIT component (CVE-2026-8388)
- firefox: Other issue in the JavaScript Engine component (CVE-2026-8391)
- firefox: Sandbox escape in the Profile Backup component (CVE-2026-8401)
- firefox: Integer overflow in the Networking: JAR component (CVE-2026-8956)
- firefox: Memory safety bugs fixed in Firefox ESR 115.36, Firefox ESR 140.11 and Firefox 151 (CVE-2026-8975)
- firefox: Privilege escalation in the DOM: Workers component (CVE-2026-8955)
- firefox: Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component (CVE-2026-8968)
- firefox: Incorrect boundary conditions, integer overflow in the Audio/Video component (CVE-2026-8954)
- firefox: Information disclosure, sandbox escape in the Security: Process Sandboxing component (CVE-2026-8958)
- firefox: Incorrect boundary conditions in the Audio/Video: Web Codecs component (CVE-2026-8946)
- firefox: Privilege escalation in the Security component (CVE-2026-8970)
- firefox: Same-origin policy bypass in the Networking: HTTP component (CVE-2026-8950)
- firefox: Memory safety bugs fixed in Firefox ESR 140.11 and Firefox 151 (CVE-2026-8974)
- firefox: Sandbox escape due to use-after-free in the Disability Access APIs component (CVE-2026-8953)
- firefox: Sandbox escape due to incorrect boundary conditions in the Widget: Win32 component (CVE-2026-8959)
- firefox: Spoofing issue in the Form Autofill component (CVE-2026-8961)
- firefox: Use-after-free in the DOM: Bindings (WebIDL) component (CVE-2026-8947)
- firefox: Mitigation bypass in the DOM: Security component (CVE-2026-8962)
- firefox: Privilege escalation in the Enterprise Policies component (CVE-2026-8957)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "thunderbird"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "140.11.0-1.el9_8.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Mozilla Thunderbird is a standalone mail and newsgroup client. \n\nSecurity Fix(es): \n\n * firefox: Incorrect boundary conditions in the JavaScript Engine: JIT component (CVE-2026-8388)\n * firefox: Other issue in the JavaScript Engine component (CVE-2026-8391)\n * firefox: Sandbox escape in the Profile Backup component (CVE-2026-8401)\n * firefox: Integer overflow in the Networking: JAR component (CVE-2026-8956)\n * firefox: Memory safety bugs fixed in Firefox ESR 115.36, Firefox ESR 140.11 and Firefox 151 (CVE-2026-8975)\n * firefox: Privilege escalation in the DOM: Workers component (CVE-2026-8955)\n * firefox: Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component (CVE-2026-8968)\n * firefox: Incorrect boundary conditions, integer overflow in the Audio/Video component (CVE-2026-8954)\n * firefox: Information disclosure, sandbox escape in the Security: Process Sandboxing component (CVE-2026-8958)\n * firefox: Incorrect boundary conditions in the Audio/Video: Web Codecs component (CVE-2026-8946)\n * firefox: Privilege escalation in the Security component (CVE-2026-8970)\n * firefox: Same-origin policy bypass in the Networking: HTTP component (CVE-2026-8950)\n * firefox: Memory safety bugs fixed in Firefox ESR 140.11 and Firefox 151 (CVE-2026-8974)\n * firefox: Sandbox escape due to use-after-free in the Disability Access APIs component (CVE-2026-8953)\n * firefox: Sandbox escape due to incorrect boundary conditions in the Widget: Win32 component (CVE-2026-8959)\n * firefox: Spoofing issue in the Form Autofill component (CVE-2026-8961)\n * firefox: Use-after-free in the DOM: Bindings (WebIDL) component (CVE-2026-8947)\n * firefox: Mitigation bypass in the DOM: Security component (CVE-2026-8962)\n * firefox: Privilege escalation in the Enterprise Policies component (CVE-2026-8957)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2026:21381",
"modified": "2026-05-29T09:48:34Z",
"published": "2026-05-27T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2026:21381"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-8388"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-8391"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-8401"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-8946"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-8947"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-8950"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-8953"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-8954"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-8955"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-8956"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-8957"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-8958"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-8959"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-8961"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-8962"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-8968"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-8970"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-8974"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2026-8975"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2476469"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2476475"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2476492"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2479839"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2479840"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2479842"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2479846"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2479847"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2479848"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2479849"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2479852"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2479853"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2479855"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2479860"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2479861"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2479871"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2479873"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2479876"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2479880"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2026-21381.html"
}
],
"related": [
"CVE-2026-8388",
"CVE-2026-8391",
"CVE-2026-8401",
"CVE-2026-8956",
"CVE-2026-8975",
"CVE-2026-8955",
"CVE-2026-8968",
"CVE-2026-8954",
"CVE-2026-8958",
"CVE-2026-8946",
"CVE-2026-8970",
"CVE-2026-8950",
"CVE-2026-8974",
"CVE-2026-8953",
"CVE-2026-8959",
"CVE-2026-8961",
"CVE-2026-8947",
"CVE-2026-8962",
"CVE-2026-8957"
],
"summary": "Important: thunderbird security update"
}
CVE-2026-8957 (GCVE-0-2026-8957)
Vulnerability from cvelistv5 – Published: 2026-05-19 12:29 – Updated: 2026-05-20 15:37
VLAI
EPSS
Title
Privilege escalation in the Enterprise Policies component
Summary
Privilege escalation in the Enterprise Policies component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Mozilla | Firefox |
Unaffected:
140.11 , ≤ 140.*
(rpm)
Unaffected: 151 , ≤ * (rpm) |
|
| Mozilla | Thunderbird |
Unaffected:
140.11 , ≤ 140.*
(rpm)
Unaffected: 151 , ≤ * (rpm) |
Credits
Mateusz Dobrzyński
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8957",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-20T03:55:29.107431Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-20T15:37:58.532Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.11",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "151",
"versionType": "rpm"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.11",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "151",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Mateusz Dobrzy\u0144ski"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Privilege escalation in the Enterprise Policies component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11."
}
],
"value": "Privilege escalation in the Enterprise Policies component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-19T17:10:49.812Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2033850"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-46/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-48/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-50/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-51/"
}
],
"title": "Privilege escalation in the Enterprise Policies component"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-8957",
"datePublished": "2026-05-19T12:29:52.576Z",
"dateReserved": "2026-05-19T12:29:51.909Z",
"dateUpdated": "2026-05-20T15:37:58.532Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8958 (GCVE-0-2026-8958)
Vulnerability from cvelistv5 – Published: 2026-05-19 12:29 – Updated: 2026-05-19 17:10
VLAI
EPSS
Title
Information disclosure, sandbox escape in the Security: Process Sandboxing component
Summary
Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
Severity
8.6 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Mozilla | Firefox |
Unaffected:
140.11 , ≤ 140.*
(rpm)
Unaffected: 151 , ≤ * (rpm) |
|
| Mozilla | Thunderbird |
Unaffected:
140.11 , ≤ 140.*
(rpm)
Unaffected: 151 , ≤ * (rpm) |
Credits
Yaqoub Aldurayhim
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8958",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-19T15:03:48.961447Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE-668 Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693 Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-19T15:05:35.766Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.11",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "151",
"versionType": "rpm"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.11",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "151",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Yaqoub Aldurayhim"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11."
}
],
"value": "Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-19T17:10:50.174Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2034713"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-46/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-48/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-50/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-51/"
}
],
"title": "Information disclosure, sandbox escape in the Security: Process Sandboxing component"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-8958",
"datePublished": "2026-05-19T12:29:54.014Z",
"dateReserved": "2026-05-19T12:29:53.304Z",
"dateUpdated": "2026-05-19T17:10:50.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8959 (GCVE-0-2026-8959)
Vulnerability from cvelistv5 – Published: 2026-05-19 12:29 – Updated: 2026-05-19 17:10
VLAI
EPSS
Title
Sandbox escape due to incorrect boundary conditions in the Widget: Win32 component
Summary
Sandbox escape due to incorrect boundary conditions in the Widget: Win32 component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
Severity
9.6 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Mozilla | Firefox |
Unaffected:
140.11 , ≤ 140.*
(rpm)
Unaffected: 151 , ≤ * (rpm) |
|
| Mozilla | Thunderbird |
Unaffected:
140.11 , ≤ 140.*
(rpm)
Unaffected: 151 , ≤ * (rpm) |
Credits
Ameen Basha M K
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8959",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-19T16:07:42.543024Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693 Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-19T16:08:39.887Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.11",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "151",
"versionType": "rpm"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.11",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "151",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Ameen Basha M K"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Sandbox escape due to incorrect boundary conditions in the Widget: Win32 component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11."
}
],
"value": "Sandbox escape due to incorrect boundary conditions in the Widget: Win32 component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-19T17:10:50.516Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2034754"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-46/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-48/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-50/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-51/"
}
],
"title": "Sandbox escape due to incorrect boundary conditions in the Widget: Win32 component"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-8959",
"datePublished": "2026-05-19T12:29:55.560Z",
"dateReserved": "2026-05-19T12:29:54.802Z",
"dateUpdated": "2026-05-19T17:10:50.516Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8961 (GCVE-0-2026-8961)
Vulnerability from cvelistv5 – Published: 2026-05-19 12:29 – Updated: 2026-05-20 15:46
VLAI
EPSS
Title
Spoofing issue in the Form Autofill component
Summary
Spoofing issue in the Form Autofill component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-290 - Authentication Bypass by Spoofing
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Mozilla | Firefox |
Unaffected:
140.11 , ≤ 140.*
(rpm)
Unaffected: 151 , ≤ * (rpm) |
|
| Mozilla | Thunderbird |
Unaffected:
140.11 , ≤ 140.*
(rpm)
Unaffected: 151 , ≤ * (rpm) |
Credits
Hafiizh
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8961",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-20T15:11:37.668216Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290 Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-20T15:46:30.150Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.11",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "151",
"versionType": "rpm"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.11",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "151",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Hafiizh"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Spoofing issue in the Form Autofill component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11."
}
],
"value": "Spoofing issue in the Form Autofill component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-19T17:10:50.926Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1962625"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-46/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-48/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-50/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-51/"
}
],
"title": "Spoofing issue in the Form Autofill component"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-8961",
"datePublished": "2026-05-19T12:29:58.485Z",
"dateReserved": "2026-05-19T12:29:57.815Z",
"dateUpdated": "2026-05-20T15:46:30.150Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8962 (GCVE-0-2026-8962)
Vulnerability from cvelistv5 – Published: 2026-05-19 12:29 – Updated: 2026-05-20 15:46
VLAI
EPSS
Title
Mitigation bypass in the DOM: Security component
Summary
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
Severity
8.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-693 - Protection Mechanism Failure
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Mozilla | Firefox |
Unaffected:
140.11 , ≤ 140.*
(rpm)
Unaffected: 151 , ≤ * (rpm) |
|
| Mozilla | Thunderbird |
Unaffected:
140.11 , ≤ 140.*
(rpm)
Unaffected: 151 , ≤ * (rpm) |
Credits
Manojkumar Jaganathan
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8962",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-20T15:12:43.257770Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693 Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-20T15:46:25.018Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.11",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "151",
"versionType": "rpm"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.11",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "151",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Manojkumar Jaganathan"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11."
}
],
"value": "Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-19T17:10:51.227Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2004804"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-46/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-48/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-50/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-51/"
}
],
"title": "Mitigation bypass in the DOM: Security component"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-8962",
"datePublished": "2026-05-19T12:29:59.947Z",
"dateReserved": "2026-05-19T12:29:59.235Z",
"dateUpdated": "2026-05-20T15:46:25.018Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8968 (GCVE-0-2026-8968)
Vulnerability from cvelistv5 – Published: 2026-05-19 12:30 – Updated: 2026-05-19 17:10
VLAI
EPSS
Title
Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component
Summary
Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Mozilla | Firefox |
Unaffected:
140.11 , ≤ 140.*
(rpm)
Unaffected: 151 , ≤ * (rpm) |
|
| Mozilla | Thunderbird |
Unaffected:
140.11 , ≤ 140.*
(rpm)
Unaffected: 151 , ≤ * (rpm) |
Credits
Tristan Madani
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8968",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-19T14:23:50.828739Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-19T14:24:23.704Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.11",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "151",
"versionType": "rpm"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.11",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "151",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Tristan Madani"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11."
}
],
"value": "Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-19T17:10:51.600Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2030467"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-46/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-48/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-50/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-51/"
}
],
"title": "Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-8968",
"datePublished": "2026-05-19T12:30:14.026Z",
"dateReserved": "2026-05-19T12:30:13.364Z",
"dateUpdated": "2026-05-19T17:10:51.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8970 (GCVE-0-2026-8970)
Vulnerability from cvelistv5 – Published: 2026-05-19 12:30 – Updated: 2026-05-20 15:38
VLAI
EPSS
Title
Privilege escalation in the Security component
Summary
Privilege escalation in the Security component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Mozilla | Firefox |
Unaffected:
140.11 , ≤ 140.*
(rpm)
Unaffected: 151 , ≤ * (rpm) |
|
| Mozilla | Thunderbird |
Unaffected:
140.11 , ≤ 140.*
(rpm)
Unaffected: 151 , ≤ * (rpm) |
Credits
pakhunov.anton.n
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8970",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-20T03:55:30.362854Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-20T15:38:16.007Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.11",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "151",
"versionType": "rpm"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.11",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "151",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "pakhunov.anton.n"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Privilege escalation in the Security component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11."
}
],
"value": "Privilege escalation in the Security component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-19T17:10:51.886Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2032174"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-46/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-48/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-50/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-51/"
}
],
"title": "Privilege escalation in the Security component"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-8970",
"datePublished": "2026-05-19T12:30:17.224Z",
"dateReserved": "2026-05-19T12:30:16.497Z",
"dateUpdated": "2026-05-20T15:38:16.007Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8974 (GCVE-0-2026-8974)
Vulnerability from cvelistv5 – Published: 2026-05-19 12:30 – Updated: 2026-05-26 17:47
VLAI
EPSS
Title
Memory safety bugs fixed in Firefox ESR 140.11 and Firefox 151
Summary
Memory safety bugs present in Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Mozilla | Firefox |
Unaffected:
140.11 , ≤ 140.*
(rpm)
Unaffected: 151 , ≤ * (rpm) |
|
| Mozilla | Thunderbird |
Unaffected:
140.11 , ≤ 140.*
(rpm)
Unaffected: 151 , ≤ * (rpm) |
Credits
Nika Layzell, Randell Jesup, Timothy Nikkel, Tom Schuster and the Mozilla Fuzzing Team
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8974",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-20T03:55:33.858670Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-20T15:39:29.668Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.11",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "151",
"versionType": "rpm"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.11",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "151",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Nika Layzell, Randell Jesup, Timothy Nikkel, Tom Schuster and the Mozilla Fuzzing Team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Memory safety bugs present in Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11."
}
],
"value": "Memory safety bugs present in Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T17:47:37.806Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"name": "Memory safety bugs fixed in Firefox ESR 140.11 and Firefox 151",
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1784128%2C1883230%2C1983677%2C2022390%2C2023116%2C2023657%2C2024255%2C2024418%2C2024441%2C2024447%2C2024966%2C2025412%2C2025467%2C2025940%2C2025950%2C2025956%2C2026284%2C2027247%2C2027255%2C2027288%2C2027306%2C2027322%2C2027332%2C2027333%2C2028266%2C2028292%2C2028319%2C2028526%2C2028870%2C2028876%2C2028882%2C2029062%2C2029309%2C2029414%2C2029422%2C2029428%2C2029447%2C2029732%2C2029785%2C2029793%2C2029813%2C2029899%2C2031028%2C2031457%2C2032039%2C2033610%2C2033854%2C2034498%2C2034628%2C2034978%2C2035966%2C2036668%2C2036905%2C2036930"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-46/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-48/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-50/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-51/"
}
],
"title": "Memory safety bugs fixed in Firefox ESR 140.11 and Firefox 151"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-8974",
"datePublished": "2026-05-19T12:30:23.092Z",
"dateReserved": "2026-05-19T12:30:22.393Z",
"dateUpdated": "2026-05-26T17:47:37.806Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8975 (GCVE-0-2026-8975)
Vulnerability from cvelistv5 – Published: 2026-05-19 12:30 – Updated: 2026-06-30 03:18
VLAI
EPSS
Title
Memory safety bugs fixed in Firefox ESR 115.36, Firefox ESR 140.11 and Firefox 151
Summary
Memory safety bugs present in Firefox ESR 115.35, Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
Severity
8.8 (High)
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
30 references
| URL | Tags |
|---|---|
| https://bugzilla.mozilla.org/buglist.cgi?bug_id=1… | |
| https://www.mozilla.org/security/advisories/mfsa2… | |
| https://www.mozilla.org/security/advisories/mfsa2… | |
| https://www.mozilla.org/security/advisories/mfsa2… | |
| https://www.mozilla.org/security/advisories/mfsa2… | |
| https://www.mozilla.org/security/advisories/mfsa2… | |
| https://access.redhat.com/security/cve/CVE-2026-8975 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2479840 | issue-trackingx_refsource_REDHAT |
| https://security.access.redhat.com/data/csaf/v2/v… | x_sadp-csaf-vex |
| https://access.redhat.com/errata/RHSA-2026:26551 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:27715 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:26539 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:21380 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:22325 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:21382 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:22643 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:26629 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:26270 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:26606 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:26536 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:26630 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:26268 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:26491 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:26269 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:26493 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:26174 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:26492 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:26521 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:21378 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:21381 | vendor-advisoryx_refsource_REDHAT |
Impacted products
19 products
| Vendor | Product | Version | |
|---|---|---|---|
| Mozilla | Firefox |
Unaffected:
115.36 , ≤ 115.*
(rpm)
Unaffected: 140.11 , ≤ 140.* (rpm) Unaffected: 151 , ≤ * (rpm) |
|
| Mozilla | Thunderbird |
Unaffected:
140.11 , ≤ 140.*
(rpm)
Unaffected: 151 , ≤ * (rpm) |
|
| Red Hat | Red Hat Enterprise Linux Server (v. 7 ELS) |
cpe:/o:redhat:rhel_els:7 |
|
| Red Hat | Red Hat Enterprise Linux AppStream EUS (v. 10.0) |
cpe:/o:redhat:enterprise_linux_eus:10.0 |
|
| Red Hat | Red Hat Enterprise Linux AppStream (v. 10) |
cpe:/o:redhat:enterprise_linux:10.2 |
|
| Red Hat | Red Hat Enterprise Linux AppStream (v. 8) |
cpe:/a:redhat:enterprise_linux:8::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream AUS (v.8.4) |
cpe:/a:redhat:rhel_aus:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4) |
cpe:/a:redhat:rhel_eus_long_life:8.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream AUS (v.8.6) |
cpe:/a:redhat:rhel_aus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6) |
cpe:/a:redhat:rhel_eus_long_life:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream E4S (v.8.8) |
cpe:/a:redhat:rhel_e4s:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream TUS (v.8.8) |
cpe:/a:redhat:rhel_tus:8.8::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream E4S (v.9.2) |
cpe:/a:redhat:rhel_e4s:9.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream E4S (v.9.4) |
cpe:/a:redhat:rhel_e4s:9.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream EUS (v.9.6) |
cpe:/a:redhat:rhel_eus:9.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream (v. 9) |
cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux 10 |
cpe:/o:redhat:enterprise_linux:10 |
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
Credits
Andrew McCreight, Valentin Gosu, Nika Layzell, Tom Schuster and the Mozilla Fuzzing Team
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-8975",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-20T03:55:35.021555Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-20T15:39:49.342Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/o:redhat:rhel_els:7"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Server (v. 7 ELS)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux_eus:10.0"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.2"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 10)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.8::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_tus:8.8::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.4::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream E4S (v.9.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.6::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 9)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
}
],
"datePublic": "2026-05-19T12:30:24.616Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Firefox. The Mozilla Foundation\u0027s Security Advisory describes the following issue:\nMemory safety bugs present in Firefox ESR 115.35, Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T03:18:02.262Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-8975"
},
{
"name": "RHBZ#2479840",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2479840"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-8975.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26551"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:27715"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26539"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21380"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22325"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21382"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22643"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26629"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26270"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26606"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26536"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26630"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26268"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26491"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26269"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26493"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26174"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26492"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26521"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21378"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21381"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:26551: Red Hat Enterprise Linux Server (v. 7 ELS)"
},
{
"lang": "en",
"value": "RHSA-2026:27715: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:26539: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:21380: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:22325: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:21382: Red Hat Enterprise Linux AppStream (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:22643: Red Hat Enterprise Linux AppStream (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:26629: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)"
},
{
"lang": "en",
"value": "RHSA-2026:26270: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)"
},
{
"lang": "en",
"value": "RHSA-2026:26606: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)"
},
{
"lang": "en",
"value": "RHSA-2026:26536: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)"
},
{
"lang": "en",
"value": "RHSA-2026:26630: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"
},
{
"lang": "en",
"value": "RHSA-2026:26268: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"
},
{
"lang": "en",
"value": "RHSA-2026:26491: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
},
{
"lang": "en",
"value": "RHSA-2026:26269: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
},
{
"lang": "en",
"value": "RHSA-2026:26493: Red Hat Enterprise Linux AppStream E4S (v.9.4)"
},
{
"lang": "en",
"value": "RHSA-2026:26174: Red Hat Enterprise Linux AppStream E4S (v.9.4)"
},
{
"lang": "en",
"value": "RHSA-2026:26492: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:26521: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:21378: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:21381: Red Hat Enterprise Linux AppStream (v. 9)"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-19T14:01:22.742Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-05-19T12:30:24.616Z",
"value": "Made public."
}
],
"title": "firefox: Memory safety bugs fixed in Firefox ESR 115.36, Firefox ESR 140.11 and Firefox 151",
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "115.*",
"status": "unaffected",
"version": "115.36",
"versionType": "rpm"
},
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.11",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "151",
"versionType": "rpm"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.11",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "151",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Andrew McCreight, Valentin Gosu, Nika Layzell, Tom Schuster and the Mozilla Fuzzing Team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Memory safety bugs present in Firefox ESR 115.35, Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11."
}
],
"value": "Memory safety bugs present in Firefox ESR 115.35, Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T17:47:38.144Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"name": "Memory safety bugs fixed in Firefox ESR 115.36, Firefox ESR 140.11 and Firefox 151",
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1860195%2C2029325%2C2029429%2C2029910%2C2035915%2C2038678%2C2038669"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-46/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-47/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-48/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-50/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2026-51/"
}
],
"title": "Memory safety bugs fixed in Firefox ESR 115.36, Firefox ESR 140.11 and Firefox 151"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2026-8975",
"datePublished": "2026-05-19T12:30:24.616Z",
"dateReserved": "2026-05-19T12:30:23.949Z",
"dateUpdated": "2026-06-30T03:18:02.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…