CVEFinder.io

CVE-2026-8091

⛔ critical
🔍 Scan for this CVE
Summary

Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150, Thunderbird 150, Firefox ESR 140.10.1, Thunderbird 140.10.1, and Firefox ESR 115.35.2.

CVSS Score
9.8
Critical
EPSS Score
0.0
Exploit Probability
Published Date
2026-05-07
First Seen: 2026-05-10
📊 Relative Risk Intelligence

This CVE is Very High Risk - more severe than 90.4% of all 321,361 vulnerabilities in our database.

#30,761
Top 10% most severe
Severity Percentile
🎯 CISA SSVC Assessment Updated: May 8, 2026
🔍 Exploitation Status
None
No known exploits
⚙️ Automatable
YES
Can be exploited automatically
💥 Technical Impact
Total
Complete system compromise possible
🏆 Discovered By
The Mozilla Fuzzing Team
SSVC data provided by CISA
Last Modified 2026-05-11
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE IDs (Weakness Types)
CWE-754

📦 Affected Products 3

Vendor Product Status Affected Versions
mozilla firefox Affected
< 115.35.2
mozilla firefox Affected
> 140.0 < 140.10.1
mozilla thunderbird Affected
> 140.0 < 140.10.1

🔗 References 6

https://bugzilla.mozilla.org/show_bug.cgi?id=2029301
Permissions Required
https://www.mozilla.org/security/advisories/mfsa2026...
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2026...
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2026...
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2026...
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2026...
Vendor Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-8390 ⚠️ high 7.3 0.0 Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150.0.3. 2026-05-12
CVE-2026-8401 ⛔ critical 9.8 0.1 Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3. 2026-05-12
CVE-2026-8090 ⚠️ high 7.3 0.0 Use-after-free in the DOM: Networking component. This vulnerability was fixed in Firefox 150.0.2, Firefox ESR 140.10.2, ... 2026-05-07
CVE-2026-8092 ⚠️ high 8.1 0.0 Memory safety bugs present in Firefox ESR 115.35.1, Firefox ESR 140.10.1 and Firefox 150.0.1. Some of these bugs showed ... 2026-05-07
CVE-2026-8093 ⚠️ high 8.1 0.0 Memory safety bugs present in Firefox 150.0.1. Some of these bugs showed evidence of memory corruption and we presume th... 2026-05-07
CVE-2026-8094 ⛔ critical 9.8 0.0 Other issue in the WebRTC component. This vulnerability was fixed in Firefox ESR 140.10.2 and Thunderbird 140.10.2. 2026-05-07
These CVEs affect the same products