CVE-2026-8947
published 2026-05-19CVE-2026-8947: Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151…
high7.3CVSS 3.1
AVNACLPRNUINSUCLILAL
Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mozilla | firefox | < Firefox 151 | Firefox 151 |
| mozilla | firefox | < 115.36.0 | 115.36.0 |
| mozilla | firefox | < 151.0.0 | 151.0.0 |
| mozilla | firefox | — | — |
| mozilla | firefox | >= 140.0 < 140.11.0 | 140.11.0 |
| mozilla | firefox_esr | < Firefox ESR 115.36 | Firefox ESR 115.36 |
| mozilla | firefox_esr | < Firefox ESR 140.11 | Firefox ESR 140.11 |
| mozilla | thunderbird | < Thunderbird 140.11 | Thunderbird 140.11 |
| mozilla | thunderbird | < Thunderbird 151 | Thunderbird 151 |
| mozilla | thunderbird | < 140.11 | 140.11 |
| rhel10 | firefox-flatpak | — | — |