Integer overflow in the Widget: Win32 component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2109-1 advisory.

    This update for MozillaFirefox fixes the following issues

    Update to Firefox Extended Support Release 140.11.0 ESR MFSA 2026-41, MFSA 2026-48 (bsc#1265212,     bsc#1264378):

    - CVE-2026-8090: Use-after-free in the DOM: Networking component.
    - CVE-2026-8092: Memory safety bugs fixed in Firefox ESR 115.35.2, Firefox ESR 140.10.2 and Firefox     150.0.2.
    - CVE-2026-8094: Other issue in the WebRTC component.
    - CVE-2026-8388: Incorrect boundary conditions in the JavaScript Engine: JIT component.
    - CVE-2026-8391: Other issue in the JavaScript Engine component.
    - CVE-2026-8401: Sandbox escape in the Profile Backup component.
    - CVE-2026-8946: Incorrect boundary conditions in the Audio/Video: Web Codecs component.
    - CVE-2026-8947: Use-after-free in the DOM: Bindings (WebIDL) component.
    - CVE-2026-8949: Integer overflow in the Widget: Win32 component.
    - CVE-2026-8950: Same-origin policy bypass in the Networking: HTTP component.
    - CVE-2026-8953: Sandbox escape due to use-after-free in the Disability Access APIs component.
    - CVE-2026-8954: Incorrect boundary conditions, integer overflow in the Audio/Video component.
    - CVE-2026-8955: Privilege escalation in the DOM: Workers component.
    - CVE-2026-8956: Integer overflow in the Networking: JAR component.
    - CVE-2026-8957: Privilege escalation in the Enterprise Policies component.
    - CVE-2026-8958: Information disclosure, sandbox escape in the Security: Process Sandboxing component.
    - CVE-2026-8959: Sandbox escape due to incorrect boundary conditions in the Widget: Win32 component.
    - CVE-2026-8961: Spoofing issue in the Form Autofill component.
    - CVE-2026-8962: Mitigation bypass in the DOM: Security component.
    - CVE-2026-8968: Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component.
    - CVE-2026-8970: Privilege escalation in the Security component.
    - CVE-2026-8974: Memory safety bugs fixed in Firefox ESR 140.11 and Firefox 151.
    - CVE-2026-8975: Memory safety bugs fixed in Firefox ESR 115.36, Firefox ESR 140.11 and Firefox 151.

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20789-1 advisory.

    This update for MozillaFirefox fixes the following issues

    - Update to Firefox Extended Support Release 140.11.0 ESR MFSA 2026-48 (bsc#1265212).

    MFSA 2026-48:

    - CVE-2026-8388: Incorrect boundary conditions in the JavaScript Engine: JIT component.
    - CVE-2026-8391: Other issue in the JavaScript Engine component.
    - CVE-2026-8401: Sandbox escape in the Profile Backup component.
    - CVE-2026-8946: Incorrect boundary conditions in the Audio/Video: Web Codecs component.
    - CVE-2026-8947: Use-after-free in the DOM: Bindings (WebIDL) component.
    - CVE-2026-8949: Integer overflow in the Widget: Win32 component.
    - CVE-2026-8950: Same-origin policy bypass in the Networking: HTTP component.
    - CVE-2026-8953: Sandbox escape due to use-after-free in the Disability Access APIs component.
    - CVE-2026-8954: Incorrect boundary conditions, integer overflow in the Audio/Video component.
    - CVE-2026-8955: Privilege escalation in the DOM: Workers component.
    - CVE-2026-8956: Integer overflow in the Networking: JAR component.
    - CVE-2026-8957: Privilege escalation in the Enterprise Policies component.
    - CVE-2026-8958: Information disclosure, sandbox escape in the Security: Process Sandboxing component.
    - CVE-2026-8959: Sandbox escape due to incorrect boundary conditions in the Widget: Win32 component.
    - CVE-2026-8961: Spoofing issue in the Form Autofill component.
    - CVE-2026-8962: Mitigation bypass in the DOM: Security component.
    - CVE-2026-8968: Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component.
    - CVE-2026-8970: Privilege escalation in the Security component.
    - CVE-2026-8974: Memory safety bugs fixed in Firefox ESR 140.11 and Firefox 151.
    - CVE-2026-8975: Memory safety bugs fixed in Firefox ESR 115.36, Firefox ESR 140.11 and Firefox 151.

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2039-1 advisory.

    This update for MozillaFirefox fixes the following issue

    Update to Firefox Extended Support Release 140.11.0 ESR MFSA 2026-48 (bsc#1265212)

    - CVE-2026-8388: Incorrect boundary conditions in the JavaScript Engine: JIT component.
    - CVE-2026-8391: Other issue in the JavaScript Engine component.
    - CVE-2026-8401: Sandbox escape in the Profile Backup component.
    - CVE-2026-8946: Incorrect boundary conditions in the Audio/Video: Web Codecs component.
    - CVE-2026-8947: Use-after-free in the DOM: Bindings (WebIDL) component.
    - CVE-2026-8949: Integer overflow in the Widget: Win32 component.
    - CVE-2026-8950: Same-origin policy bypass in the Networking: HTTP component.
    - CVE-2026-8953: Sandbox escape due to use-after-free in the Disability Access APIs component.
    - CVE-2026-8954: Incorrect boundary conditions, integer overflow in the Audio/Video component.
    - CVE-2026-8955: Privilege escalation in the DOM: Workers component.
    - CVE-2026-8956: Integer overflow in the Networking: JAR component.
    - CVE-2026-8957: Privilege escalation in the Enterprise Policies component.
    - CVE-2026-8958: Information disclosure, sandbox escape in the Security: Process Sandboxing component.
    - CVE-2026-8959: Sandbox escape due to incorrect boundary conditions in the Widget: Win32 component.
    - CVE-2026-8961: Spoofing issue in the Form Autofill component.
    - CVE-2026-8962: Mitigation bypass in the DOM: Security component.
    - CVE-2026-8968: Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component.
    - CVE-2026-8970: Privilege escalation in the Security component.
    - CVE-2026-8974: Memory safety bugs fixed in Firefox ESR 140.11 and Firefox 151.
    - CVE-2026-8975: Memory safety bugs fixed in Firefox ESR 115.36, Firefox ESR 140.11 and Firefox 151.

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 42 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-7f6ee801e2 advisory.

    Update NSS to 3.123.1     Update to Firefox 151.0


Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - Integer overflow in the Widget: Win32 component. This vulnerability was fixed in Firefox 151, Firefox ESR     140.11, Thunderbird 151, and Thunderbird 140.11. (CVE-2026-8949)

Note that Nessus relies on the presence of the package as reported by the vendor.

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-f3409cf313 advisory.

    Updated to latest upstream (151.0)

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 43 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-cd20332935 advisory.

    Update NSS to 3.123.1     Update to Firefox 151.0

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of mozilla-firefox installed on the remote host is prior to 140.11.0esr. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2026-139-02 advisory.

    New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues.

Tenable has extracted the preceding description block directly from the mozilla-firefox security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of mozilla-thunderbird installed on the remote host is prior to 140.11.0esr. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2026-139-03 advisory.

    New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues.

Tenable has extracted the preceding description block directly from the mozilla-thunderbird security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 151.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-50 advisory.

  - Memory safety bugs present in Thunderbird 140.10 and Thunderbird 150. Some of these bugs showed evidence     of memory corruption and we presume that with enough effort some of these could have been exploited to run     arbitrary code. (CVE-2026-8974, CVE-2026-8975)

  - Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in     Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
    (CVE-2026-8946)

  - Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability was fixed in Firefox 151,     Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. (CVE-2026-8947)

  - Same-origin policy bypass in the DOM: Networking component. This vulnerability was fixed in Firefox 151     and Thunderbird 151. (CVE-2026-8948)

  - Integer overflow in the Widget: Win32 component. This vulnerability was fixed in Firefox 151, Firefox ESR     140.11, Thunderbird 151, and Thunderbird 140.11. (CVE-2026-8949)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote Windows host is prior to 140.11. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-51 advisory.

  - Memory safety bugs present in Thunderbird 140.10 and Thunderbird 150. Some of these bugs showed evidence     of memory corruption and we presume that with enough effort some of these could have been exploited to run     arbitrary code. (CVE-2026-8974, CVE-2026-8975)

  - Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in     Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
    (CVE-2026-8946)

  - Incorrect boundary conditions in the JavaScript Engine: JIT component. This vulnerability was fixed in     Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11. (CVE-2026-8388)

  - Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability was fixed in Firefox 151,     Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. (CVE-2026-8947)

  - Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150.0.3, Firefox     ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11. (CVE-2026-8391)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote Windows host is prior to 151.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-50 advisory.

  - Memory safety bugs present in Thunderbird 140.10 and Thunderbird 150. Some of these bugs showed evidence     of memory corruption and we presume that with enough effort some of these could have been exploited to run     arbitrary code. (CVE-2026-8974, CVE-2026-8975)

  - Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in     Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
    (CVE-2026-8946)

  - Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability was fixed in Firefox 151,     Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. (CVE-2026-8947)

  - Same-origin policy bypass in the DOM: Networking component. This vulnerability was fixed in Firefox 151     and Thunderbird 151. (CVE-2026-8948)

  - Integer overflow in the Widget: Win32 component. This vulnerability was fixed in Firefox 151, Firefox ESR     140.11, Thunderbird 151, and Thunderbird 140.11. (CVE-2026-8949)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 140.11. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-51 advisory.

  - Memory safety bugs present in Thunderbird 140.10 and Thunderbird 150. Some of these bugs showed evidence     of memory corruption and we presume that with enough effort some of these could have been exploited to run     arbitrary code. (CVE-2026-8974, CVE-2026-8975)

  - Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in     Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
    (CVE-2026-8946)

  - Incorrect boundary conditions in the JavaScript Engine: JIT component. This vulnerability was fixed in     Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11. (CVE-2026-8388)

  - Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability was fixed in Firefox 151,     Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. (CVE-2026-8947)

  - Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150.0.3, Firefox     ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11. (CVE-2026-8391)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 151.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-46 advisory.

  - Memory safety bugs present in Firefox ESR 115.35, Firefox ESR 140.10 and Firefox 150. Some of these bugs     showed evidence of memory corruption and we presume that with enough effort some of these could have been     exploited to run arbitrary code. (CVE-2026-8975)

  - Integer overflow in the Networking: JAR component. This vulnerability was fixed in Firefox 151, Firefox     ESR 140.11, Thunderbird 151, and Thunderbird 140.11. (CVE-2026-8956)

  - Sandbox escape in Firefox and Firefox Focus for Android. This vulnerability was fixed in Firefox 151.
    (CVE-2026-8945)

  - Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in     Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
    (CVE-2026-8946)

  - Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability was fixed in Firefox 151,     Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. (CVE-2026-8947)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 140.11. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-48 advisory.

  - Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3, Firefox     ESR 115.36, and Firefox ESR 140.11. (CVE-2026-8401)

  - Incorrect boundary conditions in the JavaScript Engine: JIT component. This vulnerability was fixed in     Firefox 150.0.3, Firefox ESR 115.36, and Firefox ESR 140.11. (CVE-2026-8388)

  - Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150.0.3, Firefox     ESR 115.36, and Firefox ESR 140.11. (CVE-2026-8391)

  - Memory safety bugs present in Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of     memory corruption and we presume that with enough effort some of these could have been exploited to run     arbitrary code. (CVE-2026-8974)

  - Memory safety bugs present in Firefox ESR 115.35, Firefox ESR 140.10 and Firefox 150. Some of these bugs     showed evidence of memory corruption and we presume that with enough effort some of these could have been     exploited to run arbitrary code. (CVE-2026-8975)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote Windows host is prior to 140.11. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-48 advisory.

  - Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3, Firefox     ESR 115.36, and Firefox ESR 140.11. (CVE-2026-8401)

  - Incorrect boundary conditions in the JavaScript Engine: JIT component. This vulnerability was fixed in     Firefox 150.0.3, Firefox ESR 115.36, and Firefox ESR 140.11. (CVE-2026-8388)

  - Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150.0.3, Firefox     ESR 115.36, and Firefox ESR 140.11. (CVE-2026-8391)

  - Memory safety bugs present in Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of     memory corruption and we presume that with enough effort some of these could have been exploited to run     arbitrary code. (CVE-2026-8974)

  - Memory safety bugs present in Firefox ESR 115.35, Firefox ESR 140.10 and Firefox 150. Some of these bugs     showed evidence of memory corruption and we presume that with enough effort some of these could have been     exploited to run arbitrary code. (CVE-2026-8975)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote Windows host is prior to 151.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-46 advisory.

  - Memory safety bugs present in Firefox ESR 115.35, Firefox ESR 140.10 and Firefox 150. Some of these bugs     showed evidence of memory corruption and we presume that with enough effort some of these could have been     exploited to run arbitrary code. (CVE-2026-8975)

  - Integer overflow in the Networking: JAR component. This vulnerability was fixed in Firefox 151, Firefox     ESR 140.11, Thunderbird 151, and Thunderbird 140.11. (CVE-2026-8956)

  - Sandbox escape in Firefox and Firefox Focus for Android. This vulnerability was fixed in Firefox 151.
    (CVE-2026-8945)

  - Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in     Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
    (CVE-2026-8946)

  - Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability was fixed in Firefox 151,     Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. (CVE-2026-8947)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
318094	SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2026:2109-1)	Nessus	SuSE Local Security Checks	critical
316857	openSUSE 16 Security Update : MozillaFirefox (openSUSE-SU-2026:20789-1)	Nessus	SuSE Local Security Checks	critical
316766	SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2026:2039-1)	Nessus	SuSE Local Security Checks	critical
316628	Fedora 42 : firefox / nss (2026-7f6ee801e2)	Nessus	Fedora Local Security Checks	critical
316430	Linux Distros Unpatched Vulnerability : CVE-2026-8949	Nessus	Misc.	high
315985	Fedora 44 : firefox (2026-f3409cf313)	Nessus	Fedora Local Security Checks	critical
315967	Fedora 43 : firefox / nss (2026-cd20332935)	Nessus	Fedora Local Security Checks	critical
315522	Slackware Linux 15.0 / current mozilla-firefox Multiple Vulnerabilities (SSA:2026-139-02)	Nessus	Slackware Local Security Checks	critical
315520	Slackware Linux 15.0 / current mozilla-thunderbird Multiple Vulnerabilities (SSA:2026-139-03)	Nessus	Slackware Local Security Checks	critical
315434	Mozilla Thunderbird < 151.0	Nessus	MacOS X Local Security Checks	critical
315433	Mozilla Thunderbird < 140.11	Nessus	Windows	critical
315432	Mozilla Thunderbird < 151.0	Nessus	Windows	critical
315431	Mozilla Thunderbird < 140.11	Nessus	MacOS X Local Security Checks	critical
315327	Mozilla Firefox < 151.0	Nessus	MacOS X Local Security Checks	critical
315326	Mozilla Firefox ESR < 140.11	Nessus	MacOS X Local Security Checks	critical
315325	Mozilla Firefox ESR < 140.11	Nessus	Windows	critical
315323	Mozilla Firefox < 151.0	Nessus	Windows	critical

Detections

Analytics

CVE-2026-8949

high

Tenable Plugins

critical

critical

critical

critical

high

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical