CVE-2026-8388

MEDIUM

Incorrect boundary conditions in the JavaScript Engine: JIT component

Title source: cna
STIX 2.1

Description

Incorrect boundary conditions in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11.

References (29)

Core 29
Core References

Scores

CVSS v3 6.5
EPSS 0.0024
EPSS Percentile 15.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-119 CWE-787
Status published
Products (5)
mozilla/firefox < 150.0.3
Mozilla/Firefox 115.36 - 115.*
Mozilla/Firefox 140.11 - 140.*
Mozilla/Firefox 150.0.3
Mozilla/Thunderbird 140.11
Published May 12, 2026
Tracked Since May 12, 2026