Description
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 151.0.3.
Published: 2026-06-02
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

JIT miscompilation in the JavaScript engine’s JIT component can cause the generation of incorrect machine‑code when compiling malicious JavaScript. The flaw is categorized by CWE‑843. If an attacker successfully triggers the miscompilation, arbitrary code could execute within the browser process, enabling unauthorized access to user data or control of the system. The likely attack vector is the delivery of malicious JavaScript through a compromised or malicious web page, but this is inferred from the nature of the vulnerability and not explicitly stated in the advisory.

Affected Systems

Mozilla Firefox installations that have not applied the fix introduced in version 151.0.3 remain vulnerable. Earlier releases, such as 151.0 and 150.x and older, also lack the patch and are therefore affected.

Risk and Exploitability

The CVSS score of 4.3 indicates a low severity, and the EPSS score of <1% suggests that exploitation attempts are unlikely. The vulnerability is not listed in the CISA KEV catalog. Based on the description, exploitation would require the delivery of malicious JavaScript to a user’s browser, and the JIT would need to miscompile that code; thus the overall risk remains modest yet real if the conditions are met.

Generated by OpenCVE AI on June 3, 2026 at 20:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Mozilla Firefox to version 151.0.3 or later.
  • Enable automatic updates to receive future security fixes.
  • Use available content isolation or sandboxing features to limit the impact of JavaScript execution.

Generated by OpenCVE AI on June 3, 2026 at 20:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 04 Jun 2026 18:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*

Wed, 03 Jun 2026 19:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-1021

Wed, 03 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-843
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 03 Jun 2026 04:15:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla
Mozilla firefox
Weaknesses CWE-1021
Vendors & Products Mozilla
Mozilla firefox

Wed, 03 Jun 2026 02:30:00 +0000

Type Values Removed Values Added
Description JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 151.0.3.
Title JIT miscompilation in the JavaScript Engine: JIT component
References

Subscriptions

Mozilla Firefox
cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2026-06-03T15:17:51.325Z

Reserved: 2026-06-02T17:12:59.021Z

Link: CVE-2026-10702

cve-icon Vulnrichment

Updated: 2026-06-03T15:14:24.715Z

cve-icon NVD

Status : Analyzed

Published: 2026-06-02T20:16:33.377

Modified: 2026-06-04T18:38:31.933

Link: CVE-2026-10702

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-03T20:30:36Z

Weaknesses
  • CWE-843

    Access of Resource Using Incompatible Type ('Type Confusion')