CVE-2026-8975

high

Description

Memory safety bugs present in Firefox ESR 115.35, Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

References

https://www.mozilla.org/security/advisories/mfsa2026-51/

https://www.mozilla.org/security/advisories/mfsa2026-50/

https://www.mozilla.org/security/advisories/mfsa2026-48/

https://www.mozilla.org/security/advisories/mfsa2026-47/

https://www.mozilla.org/security/advisories/mfsa2026-46/

https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-8975.json

https://bugzilla.redhat.com/show_bug.cgi?id=2479840

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1860195%2C2029325%2C2029429%2C2029910%2C2035915%2C2038678%2C2038669

https://access.redhat.com/security/cve/CVE-2026-8975

https://access.redhat.com/errata/RHSA-2026:27715

https://access.redhat.com/errata/RHSA-2026:26630

https://access.redhat.com/errata/RHSA-2026:26629

https://access.redhat.com/errata/RHSA-2026:26606

https://access.redhat.com/errata/RHSA-2026:26551

https://access.redhat.com/errata/RHSA-2026:26539

https://access.redhat.com/errata/RHSA-2026:26536

https://access.redhat.com/errata/RHSA-2026:26521

https://access.redhat.com/errata/RHSA-2026:26493

https://access.redhat.com/errata/RHSA-2026:26492

https://access.redhat.com/errata/RHSA-2026:26491

https://access.redhat.com/errata/RHSA-2026:26270

https://access.redhat.com/errata/RHSA-2026:26269

https://access.redhat.com/errata/RHSA-2026:26268

https://access.redhat.com/errata/RHSA-2026:26174

https://access.redhat.com/errata/RHSA-2026:22643

https://access.redhat.com/errata/RHSA-2026:22325

https://access.redhat.com/errata/RHSA-2026:21382

https://access.redhat.com/errata/RHSA-2026:21381

https://access.redhat.com/errata/RHSA-2026:21380

https://access.redhat.com/errata/RHSA-2026:21378

Details

Source: Mitre, NVD

Published: 2026-05-19

Updated: 2026-06-30

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00055