CVE-2026-8092 - Vulnerability Analysis
HighCVSS: 8.1Last Updated: May 8, 2026
Firefox - Remote Code Execution
Published: May 7, 2026Updated: May 8, 2026Remote Exploitable
Overview
Firefox ESR 115.35.1, ESR 140.10.1, and Firefox 150.0.1 contain memory safety bugs causing memory corruption, letting attackers potentially execute arbitrary code, exploit requires no special privileges.
Severity & Score
Severity: High
CVSS Score: 8.1
Impact
Attackers can exploit memory corruption to execute arbitrary code, potentially leading to full system compromise.
Mitigation
Update to Firefox 150.0.2, Firefox ESR 140.10.2, and Firefox ESR 115.35.2 or later.
References
- https://www.mozilla.org/security/advisories/mfsa2026-43/
- https://www.mozilla.org/security/advisories/mfsa2026-44/
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1806249%2C2021977%2C2022576%2C2022722%2C2024439%2C2027883%2C2029463%2C2030323%2C2032042%2C2032043%2C2033270%2C2033637%2C2034422%2C2034496%2C2035879%2C2036516
- https://www.mozilla.org/security/advisories/mfsa2026-40/
- https://www.mozilla.org/security/advisories/mfsa2026-41/
- https://www.mozilla.org/security/advisories/mfsa2026-42/
Related Resources
Details
- CVE ID
- CVE-2026-8092
- Severity
- High
- CVSS Score
- 8.1
- Type
- buffer_overflow
- Status
- unconfirmed
CWE
- CWE-125
CVSS Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H