CVE Catalog

CVE-2026-8391

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.30%

21th percentile - higher than 21% of all known CVEs

Summary

An unspecified vulnerability was discovered in the JavaScript Engine component of Firefox and Thunderbird. The flaw is fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11.

Risk Assessment

An attacker could exploit this vulnerability to execute arbitrary code or compromise user data confidentiality.

Recommendation

Immediately update Firefox to version 150.0.3 or later, and Firefox ESR and Thunderbird to the versions specified in the advisory.

Original NVD description (English source)

Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS