{"uuid": "eed1dbdf-5a0f-4cc2-9665-fa1ff05b0c1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "name": "Security Vulnerabilities fixed in Firefox 150.0.3 \u2014 Mozilla Mozilla Foundation Security Advisory 2026-45", "description": "# Security Vulnerabilities fixed in Firefox 150.0.3 \u2014 Mozilla\nMozilla Foundation Security Advisory 2026-45\n--------------------------------------------\n\nAnnounced\n\nMay 12, 2026\n\nImpact\n\nhigh\n\nProducts\n\nFirefox\n\nFixed in\n\n*   Firefox 150.0.3\n\n#### [#CVE-2026-8388: Incorrect boundary conditions in the JavaScript Engine: JIT component](#CVE-2026-8388)\n\nReporter\n\nggwhyp\n\nImpact\n\nhigh\n\n##### References\n\n*   [Bug 2036978](https://bugzilla.mozilla.org/show_bug.cgi?id=2036978)\n\n#### [#CVE-2026-8389: JIT miscompilation in the JavaScript Engine: JIT component](#CVE-2026-8389)\n\nReporter\n\nggwhyp\n\nImpact\n\nhigh\n\n##### References\n\n*   [Bug 2036983](https://bugzilla.mozilla.org/show_bug.cgi?id=2036983)\n\n#### [#CVE-2026-8390: Use-after-free in the JavaScript: WebAssembly component](#CVE-2026-8390)\n\nReporter\n\nOpenAI Preparedness, Bill Demirkapi\n\nImpact\n\nhigh\n\n##### References\n\n*   [Bug 2038081](https://bugzilla.mozilla.org/show_bug.cgi?id=2038081)\n\n#### [#CVE-2026-8391: Other issue in the JavaScript Engine component](#CVE-2026-8391)\n\nReporter\n\nggwhyp\n\nImpact\n\nhigh\n\n##### References\n\n*   [Bug 2038575](https://bugzilla.mozilla.org/show_bug.cgi?id=2038575)\n\n#### [#CVE-2026-8401: Sandbox escape in the Profile Backup component](#CVE-2026-8401)\n\nReporter\n\nggwhyp\n\nImpact\n\nhigh\n\n##### References\n\n*   [Bug 2038679](https://bugzilla.mozilla.org/show_bug.cgi?id=2038679)", "creation_timestamp": "2026-05-13T06:44:38.821589+00:00", "timestamp": "2026-05-13T06:44:38.821589+00:00", "related_vulnerabilities": ["CVE-2026-8391", "CVE-2026-8401", "CVE-2026-8389", "CVE-2026-8390", "CVE-2026-8388"], "author": {"login": "adulau", "name": "Alexandre Dulaunoy", "uuid": "c933734a-9be8-4142-889e-26e95c752803"}}