CVE Catalog

CVE-2026-8388

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.24%

15th percentile - higher than 15% of all known CVEs

Summary

A vulnerability in the JavaScript Engine: JIT component of Firefox and Thunderbird is caused by incorrect boundary conditions. The flaw was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11.

Risk Assessment

An attacker could exploit this vulnerability to execute arbitrary code remotely or cause a browser crash, compromising user data confidentiality and integrity.

Recommendation

Immediately update Firefox to version 150.0.3 or later, ESR versions to 115.36/140.11, and Thunderbird to 140.11.

Original NVD description (English source)

Incorrect boundary conditions in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS