CVEFinder.io

CVE-2026-8090

⚠️ high
🔍 Scan for this CVE
Summary

Use-after-free in the DOM: Networking component. This vulnerability was fixed in Firefox 150.0.2, Firefox ESR 140.10.2, Firefox ESR 115.35.2, Thunderbird 150.0.2, and Thunderbird 140.10.2.

CVSS Score
7.3
High
EPSS Score
0.0
Exploit Probability
Published Date
2026-05-07
First Seen: 2026-05-10
📊 Relative Risk Intelligence

This CVE is Moderate Risk - more severe than 55.6% of all 321,361 vulnerabilities in our database.

#142,783
Above average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: May 7, 2026
🔍 Exploitation Status
None
No known exploits
⚙️ Automatable
YES
Can be exploited automatically
💥 Technical Impact
Partial
Limited system impact
🏆 Discovered By
Kevin Brosnan
SSVC data provided by CISA
Last Modified 2026-05-08
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE IDs (Weakness Types)
CWE-416

📦 Affected Products 5

Vendor Product Status Affected Versions
mozilla firefox Affected
< 115.35.2
mozilla firefox Affected
> 128.0 < 140.10.2
mozilla firefox Affected
< 150.0.2
mozilla thunderbird Affected
< 140.10.2
mozilla thunderbird Affected
< 150.0.2

🔗 References 6

https://bugzilla.mozilla.org/show_bug.cgi?id=2034352
Permissions Required
https://www.mozilla.org/security/advisories/mfsa2026...
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2026...
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2026...
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2026...
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2026...
Vendor Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-8390 ⚠️ high 7.3 0.0 Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150.0.3. 2026-05-12
CVE-2026-8401 ⛔ critical 9.8 0.1 Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3. 2026-05-12
CVE-2026-8091 ⛔ critical 9.8 0.0 Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150, Thund... 2026-05-07
CVE-2026-8092 ⚠️ high 8.1 0.0 Memory safety bugs present in Firefox ESR 115.35.1, Firefox ESR 140.10.1 and Firefox 150.0.1. Some of these bugs showed ... 2026-05-07
CVE-2026-8093 ⚠️ high 8.1 0.0 Memory safety bugs present in Firefox 150.0.1. Some of these bugs showed evidence of memory corruption and we presume th... 2026-05-07
CVE-2026-8094 ⛔ critical 9.8 0.0 Other issue in the WebRTC component. This vulnerability was fixed in Firefox ESR 140.10.2 and Thunderbird 140.10.2. 2026-05-07
These CVEs affect the same products