Description
Memory safety bugs present in Firefox 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.2.
Published: 2026-05-07
Score: 7.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Memory safety bugs were found in Firefox version 150.0.1. The bugs lead to memory corruption that could, with sufficient effort, allow an attacker to execute arbitrary code. The weakness is a buffer overflow (CWE-119) that can corrupt program state. Successful exploitation would give an attacker control over the browser process and could be used to compromise the host system.

Affected Systems

Mozilla Firefox is affected, specifically the 150.0.1 release. Versions 150.0.2 and later contain the patch that eliminates the vulnerabilities. No other versions are explicitly mentioned, so earlier or newer releases without the fix could remain vulnerable until updated.

Risk and Exploitability

The CVSS score is 7.5, indicating moderate to high severity. The EPSS score is not available, so the likelihood of exploitation is unknown. The vulnerability is not listed in CISA's KEV catalog, suggesting no known public exploits. The most likely attack vector involves an attacker delivering crafted web content or a malicious website to a user browsing with the vulnerable Firefox version. If the bug can be reliably triggered, an attacker could gain arbitrary code execution in the browser context, potentially escalating to full system compromise.

Generated by OpenCVE AI on May 7, 2026 at 16:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Mozilla Firefox to version 150.0.2 or later, which includes the fix for the memory safety bugs.
  • If a timely update is not possible, avoid browsing untrusted or unknown web pages while using Firefox 150.0.1.
  • Consider using a hardened browsing environment or an alternative browser that has already received the patch if the update cannot be applied immediately.

Generated by OpenCVE AI on May 7, 2026 at 16:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 07 May 2026 15:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-120
CWE-122

Thu, 07 May 2026 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla
Mozilla firefox
Weaknesses CWE-120
CWE-122
Vendors & Products Mozilla
Mozilla firefox

Thu, 07 May 2026 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 07 May 2026 13:00:00 +0000

Type Values Removed Values Added
Description Memory safety bugs present in Firefox 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.2.
Title Memory safety bugs fixed in Firefox 150.0.2
References

Subscriptions

Mozilla Firefox
cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2026-05-07T13:52:09.543Z

Reserved: 2026-05-07T12:45:07.174Z

Link: CVE-2026-8093

cve-icon Vulnrichment

Updated: 2026-05-07T13:50:58.540Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-05-07T13:16:14.317

Modified: 2026-05-07T15:16:11.643

Link: CVE-2026-8093

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-07T17:00:12Z

Weaknesses