Description
Incorrect boundary conditions in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3.
Published: 2026-05-12
Score: 6.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability involves incorrect handling of boundary conditions in the JavaScript engine’s just‑in‑time (JIT) compiler. This flaw can cause an out‑of‑bounds memory operation while the engine is generating bytecode. The CVE description does not specify the exact consequences, but the nature of the defect suggests potential corruption of browser memory or instability.

Affected Systems

Mozilla Firefox is the only vendor identified. Versions prior to 150.0.3 are affected, as the fix is included in that release. No other products or versions are explicitly mentioned in the advisory.

Risk and Exploitability

The vulnerability is not listed in the CISA KEV catalog and no EPSS score is provided, meaning there is no publicly documented exploitation at this time. The CVSS score of 6.5 indicates a moderate severity threat. Potential exploitation would likely occur via malicious web content that triggers the vulnerable path in the JIT compiler. Based on the description, it is inferred that an attacker could induce memory corruption by delivering crafted JavaScript to a vulnerable browser instance.

Generated by OpenCVE AI on May 12, 2026 at 21:18 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Mozilla Firefox to version 150.0.3 or later.
  • If an upgrade cannot be performed immediately, consider disabling JavaScript execution globally or enforcing a strict content‑security‑policy that blocks suspicious scripts.
  • Monitor browser log files and system events for crashes or anomalous memory‑access errors that may indicate an exploit attempt.

Generated by OpenCVE AI on May 12, 2026 at 21:18 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 12 May 2026 20:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*

Tue, 12 May 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 12 May 2026 15:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119
CWE-787

Tue, 12 May 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla
Mozilla firefox
Vendors & Products Mozilla
Mozilla firefox

Tue, 12 May 2026 13:30:00 +0000

Type Values Removed Values Added
Description Incorrect boundary conditions in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3.
Title Incorrect boundary conditions in the JavaScript Engine: JIT component
References

Subscriptions

Mozilla Firefox
cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2026-05-12T18:29:06.860Z

Reserved: 2026-05-12T12:36:09.855Z

Link: CVE-2026-8388

cve-icon Vulnrichment

Updated: 2026-05-12T18:28:17.148Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-12T14:17:11.813

Modified: 2026-05-12T19:48:21.497

Link: CVE-2026-8388

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-12T21:30:25Z

Weaknesses