cbcvebase.
CVE-2026-8090
published 2026-05-07

CVE-2026-8090: Use-after-free in the DOM: Networking component. This vulnerability was fixed in Firefox 150.0.2, Firefox ESR 140.10.2, Firefox ESR 115.35.2, Thunderbird…

high7.3CVSS 3.1
AVNACLPRNUINSUCLILAL
Use-after-free in the DOM: Networking component. This vulnerability was fixed in Firefox 150.0.2, Firefox ESR 140.10.2, Firefox ESR 115.35.2, Thunderbird 150.0.2, and Thunderbird 140.10.2.

Affected

13 ranges
VendorProductVersion rangeFixed in
mozillafirefox< Firefox 150.0.2Firefox 150.0.2
mozillafirefox< 115.35.2115.35.2
mozillafirefox< 150.0.2150.0.2
mozillafirefox
mozillafirefox>= 128.0 < 140.10.2140.10.2
mozillafirefox_esr< Firefox ESR 115.35.2Firefox ESR 115.35.2
mozillafirefox_esr< Firefox ESR 140.10.2Firefox ESR 140.10.2
mozillathunderbird< Thunderbird 140.10.2Thunderbird 140.10.2
mozillathunderbird< Thunderbird 150.0.2Thunderbird 150.0.2
mozillathunderbird< 140.10.2140.10.2
mozillathunderbird< 150.0.2150.0.2
openbsdopenssh>= 0 < 1:8.2p1-4ubuntu0.13+esm11:8.2p1-4ubuntu0.13+esm1
rhel10firefox-flatpak

CVSS provenance

nvdv3.17.3HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
osv3.6LOW