CVE-2026-8092
HIGHMemory safety bugs fixed in Firefox ESR 115.35.2, Firefox ESR 140.10.2 and Firefox 150.0.2
Title source: cnaDescription
Memory safety bugs present in Firefox ESR 115.35.1, Firefox ESR 140.10.1 and Firefox 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.2, Firefox ESR 140.10.2, Firefox ESR 115.35.2, Thunderbird 150.0.2, and Thunderbird 140.10.2.
References (20)
Core 20
Core References
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:19160
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:20566
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:20574
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:24508
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:24509
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:24510
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:24511
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:24516
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:24755
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:24983
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:25015
Vendor Advisory
https://access.redhat.com/security/cve/CVE-2026-8092
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2467708
Memory safety bugs fixed in Firefox ESR 115.35.2, Firefox ESR 140.10.2 and Firefox 150.0.2
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1806249%2C2021977%2C2022576%2C2022722%2C2024439%2C2027883%2C2029463%2C2030323%2C2032042%2C2032043%2C2033270%2C2033637%2C2034422%2C2034496%2C2035879%2C2036516
Scores
CVSS v3
8.1
EPSS
0.0038
EPSS Percentile
30.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-125
CWE-416
CWE-787
Status
published
Products (8)
mozilla/firefox
< 115.35.2
Mozilla/Firefox
115.35.2 - 115.*
Mozilla/Firefox
140.10.2 - 140.*
mozilla/firefox
150.0 - 150.0.2
Mozilla/Firefox
150.0.2
mozilla/thunderbird
140.0 - 140.10.2
Mozilla/Thunderbird
140.10.2 - 140.*
Mozilla/Thunderbird
150.0.2
Published
May 07, 2026
Tracked Since
May 07, 2026