Description
Memory safety bugs present in Firefox ESR 115.35.1, Firefox ESR 140.10.1 and Firefox 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.2, Firefox ESR 140.10.2, and Firefox ESR 115.35.2.
Published: 2026-05-07
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Memory safety bugs were found in Firefox ESR 115.35.1, Firefox ESR 140.10.1 and Firefox 150.0.1. The bugs could trigger memory corruption that, with sufficient effort, might enable an attacker to run arbitrary code in the context of the browser. The description indicates evidence of memory corruption, and it is inferred that exploiting the vulnerability would allow execution of code on the affected system.

Affected Systems

Affected products include Mozilla Firefox ESR 115.35.1, Mozilla Firefox ESR 140.10.1 and Mozilla Firefox 150.0.1. The fix is available in the upgraded releases Firefox ESR 115.35.2, Firefox ESR 140.10.2 and Firefox 150.0.2.

Risk and Exploitability

No EPSS score is available and the vulnerability is not listed in the CISA KEV catalog, so current exploitation data is limited. Nonetheless, the potential for arbitrary code execution represents a high severity risk for users running the affected browsers, especially when processing untrusted web content. The attack vector is likely through content that exploits the memory corruption during rendering or processing, though specific exploitation reports are not yet documented.

Generated by OpenCVE AI on May 7, 2026 at 14:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official Mozilla update to at least Firefox 150.0.2, or the corresponding ESR 140.10.2 or ESR 115.35.2 releases.
  • Ensure that all installed browser extensions are updated to their latest versions, as they may interact with memory handling paths vulnerable to corruption.
  • Use the browser's built‑in security settings to restrict the execution of untrusted content, such as disabling WebAssembly or enforcing strict Content Security Policy settings when browsing riskier sites.

Advisories

No advisories yet.

History

Thu, 07 May 2026 15:15:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-119, CWE-787

Thu, 07 May 2026 15:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Mozilla, Mozilla firefox
Vendors & Products | | Mozilla, Mozilla firefox

Thu, 07 May 2026 13:00:00 +0000

Type | Values Removed | Values Added
Description | | Memory safety bugs present in Firefox ESR 115.35.1, Firefox ESR 140.10.1 and Firefox 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.2, Firefox ESR 140.10.2, and Firefox ESR 115.35.2.
Title | | Memory safety bugs fixed in Firefox ESR 115.35.2, Firefox ESR 140.10.2 and Firefox 150.0.2
References | |

MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2026-05-07T12:45:06.716Z

Reserved: 2026-05-07T12:45:06.414Z

Link: CVE-2026-8092

Vulnrichment

No data.

NVD

Status: Undergoing Analysis

Published: 2026-05-07T13:16:14.203

Modified: 2026-05-07T14:08:23.440

Link: CVE-2026-8092

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-07T15:00:13Z

Weaknesses