CVE Catalog
CVE-2026-8391
MediumCVSS 5.3Exploitation Probability (EPSS)
Low risk0.30%
21th percentile - higher than 21% of all known CVEs
Summary
An unspecified vulnerability was discovered in the JavaScript Engine component of Firefox and Thunderbird. The flaw is fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11.
Risk Assessment
An attacker could exploit this vulnerability to execute arbitrary code or compromise user data confidentiality.
Recommendation
Immediately update Firefox to version 150.0.3 or later, and Firefox ESR and Thunderbird to the versions specified in the advisory.
Original NVD description (English source)
Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11.

