Use-after-free in the DOM: Networking component. This vulnerability was fixed in Firefox 150.0.2, Firefox ESR 140.10.2, Firefox ESR 115.35.2, Thunderbird 150.0.2, and Thunderbird 140.10.2.
https://www.mozilla.org/security/advisories/mfsa2026-44/
https://www.mozilla.org/security/advisories/mfsa2026-43/
https://www.mozilla.org/security/advisories/mfsa2026-42/
https://www.mozilla.org/security/advisories/mfsa2026-41/
https://www.mozilla.org/security/advisories/mfsa2026-40/
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-8090.json
https://bugzilla.redhat.com/show_bug.cgi?id=2467709
https://bugzilla.mozilla.org/show_bug.cgi?id=2034352
https://access.redhat.com/security/cve/CVE-2026-8090
https://access.redhat.com/errata/RHSA-2026:25015
https://access.redhat.com/errata/RHSA-2026:24983
https://access.redhat.com/errata/RHSA-2026:24755
https://access.redhat.com/errata/RHSA-2026:24516
https://access.redhat.com/errata/RHSA-2026:24511
https://access.redhat.com/errata/RHSA-2026:24510
https://access.redhat.com/errata/RHSA-2026:24509
https://access.redhat.com/errata/RHSA-2026:24508
https://access.redhat.com/errata/RHSA-2026:20574