CVE-2026-8388
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk15th percentile - higher than 15% of all known CVEs
Summary
A vulnerability in the JavaScript Engine: JIT component of Firefox and Thunderbird is caused by incorrect boundary conditions. The flaw was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11.
Risk Assessment
An attacker could exploit this vulnerability to execute arbitrary code remotely or cause a browser crash, compromising user data confidentiality and integrity.
Recommendation
Immediately update Firefox to version 150.0.3 or later, ESR versions to 115.36/140.11, and Thunderbird to 140.11.
Original NVD description (English source)
Incorrect boundary conditions in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11.

