Description
Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150.0.3.
Published: 2026-05-12
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Based on the description, it is inferred that a use‑after‑free bug in Mozilla Firefox’s JavaScript WebAssembly component allows an attacker to reference memory that has already been freed, potentially corrupting the execution flow of the browser. If triggered by malicious WebAssembly code embedded in a web page, the flaw can lead to arbitrary code execution or memory corruption, compromising the confidentiality, integrity or availability of the affected user’s system.

Affected Systems

Mozilla Firefox. All versions released before 150.0.3 are affected; the vulnerability was addressed in Firefox 150.0.3 and later.

Risk and Exploitability

The CVSS score is not listed and EPSS is not available, so precise severity metrics are unknown. The vulnerability is not part of the CISA KEV catalog. However, based on the description, it is inferred that the nature of a use‑after‑free flaw typically implies a high risk of exploitation when an attacker can supply malicious WebAssembly payloads, necessitating urgent mitigation.

Generated by OpenCVE AI on May 12, 2026 at 15:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to Firefox 150.0.3 or any newer release that contains the fix.
  • If an upgrade cannot be performed immediately, block or disable WebAssembly on untrusted sites by configuring the browser’s policy settings or by enforcing stricter content‑security‑policy directives.
  • Continue to monitor Mozilla’s security advisories for further updates and apply any additional mitigations that may be recommended as part of future releases.

Generated by OpenCVE AI on May 12, 2026 at 15:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 12 May 2026 15:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Tue, 12 May 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla
Mozilla firefox
Vendors & Products Mozilla
Mozilla firefox

Tue, 12 May 2026 13:30:00 +0000

Type Values Removed Values Added
Description Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150.0.3.
Title Use-after-free in the JavaScript: WebAssembly component
References

Subscriptions

Mozilla Firefox
cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2026-05-12T15:57:11.228Z

Reserved: 2026-05-12T12:36:13.277Z

Link: CVE-2026-8390

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-12T14:17:12.050

Modified: 2026-05-12T14:20:56.547

Link: CVE-2026-8390

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-12T15:30:18Z

Weaknesses