Vulnerability-Lookup

CVE-2026-8390 (GCVE-0-2026-8390)

Vulnerability from cvelistv5 – Published: 2026-05-12 12:36 – Updated: 2026-06-30 12:10

Title

Use-after-free in the JavaScript: WebAssembly component

Summary

Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150.0.3.

Severity

7.3 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-416 - Use After Free
CWE-825 - Expired Pointer Dereference

Assigner

mozilla

References

5 references

URL	Tags
https://bugzilla.mozilla.org/show_bug.cgi?id=2038081
https://www.mozilla.org/security/advisories/mfsa2…
https://access.redhat.com/security/cve/CVE-2026-8390	vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2476474	issue-trackingx_refsource_REDHAT
https://security.access.redhat.com/data/csaf/v2/v…	x_sadp-csaf-vex

Impacted products

6 products

Vendor	Product	Version
Mozilla	Firefox	Unaffected: 150.0.3 , ≤ * (rpm)
Red Hat	Red Hat Enterprise Linux 10	cpe:/o:redhat:enterprise_linux:10
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat Enterprise Linux 8	cpe:/o:redhat:enterprise_linux:8
Red Hat	Red Hat Enterprise Linux 9	cpe:/o:redhat:enterprise_linux:9

Credits

OpenAI Preparedness, Bill Demirkapi

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 7.3,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-8390",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-13T18:30:10.726744Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-13T18:30:14.904Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:10"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat Enterprise Linux 10",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:6"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat Enterprise Linux 6",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:7"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat Enterprise Linux 7",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:8"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat Enterprise Linux 8",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:9"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat Enterprise Linux 9",
            "vendor": "Red Hat"
          }
        ],
        "datePublic": "2026-05-12T12:36:13.948Z",
        "descriptions": [
          {
            "lang": "en",
            "value": "A flaw was found in Firefox. The Mozilla Foundation\u0027s Security Advisory describes the following issue:\nUse-after-free in the JavaScript: WebAssembly component"
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "namespace": "https://access.redhat.com/security/updates/classification/",
                "value": "Important"
              },
              "type": "Red Hat severity rating"
            }
          },
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            },
            "format": "CVSS"
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-825",
                "description": "Expired Pointer Dereference",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-30T12:10:53.942Z",
          "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
          "shortName": "redhat-SADP"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2026-8390"
          },
          {
            "name": "RHBZ#2476474",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476474"
          },
          {
            "tags": [
              "x_sadp-csaf-vex"
            ],
            "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-8390.json"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2026-05-12T14:01:48.857Z",
            "value": "Reported to Red Hat."
          },
          {
            "lang": "en",
            "time": "2026-05-12T12:36:13.948Z",
            "value": "Made public."
          }
        ],
        "title": "firefox: Use-after-free in the JavaScript: WebAssembly component",
        "x_adpType": "supplier",
        "x_generator": {
          "engine": "sadp-cli 1.0.0"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "150.0.3",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "OpenAI Preparedness, Bill Demirkapi"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150.0.3."
            }
          ],
          "value": "Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150.0.3."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-12T15:57:11.228Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2038081"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-45/"
        }
      ],
      "title": "Use-after-free in the JavaScript: WebAssembly component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-8390",
    "datePublished": "2026-05-12T12:36:13.948Z",
    "dateReserved": "2026-05-12T12:36:13.277Z",
    "dateUpdated": "2026-06-30T12:10:53.942Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-8390",
      "date": "2026-06-30",
      "epss": "0.0026",
      "percentile": "0.17232"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-8390\",\"sourceIdentifier\":\"security@mozilla.org\",\"published\":\"2026-05-12T14:17:12.050\",\"lastModified\":\"2026-06-30T03:21:42.720\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150.0.3.\"}],\"affected\":[{\"source\":\"security@mozilla.org\",\"affectedData\":[{\"vendor\":\"Mozilla\",\"product\":\"Firefox\",\"versions\":[{\"version\":\"150.0.3\",\"lessThanOrEqual\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"affectedData\":[{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 10\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:10\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 6\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:6\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 7\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:7\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 8\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 9\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:9\"]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":7.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":3.4},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":5.9}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-05-13T18:30:10.726744Z\",\"id\":\"CVE-2026-8390\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-825\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*\",\"versionEndExcluding\":\"150.0.3\",\"matchCriteriaId\":\"B13F359A-1C15-48B4-8319-AD42CC852E8C\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=2038081\",\"source\":\"security@mozilla.org\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2026-45/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/security/cve/CVE-2026-8390\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2476474\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-8390.json\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"firefox: Use-after-free in the JavaScript: WebAssembly component\", \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Important\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"cpes\": [\"cpe:/o:redhat:enterprise_linux:10\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 10\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:6\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 6\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 7\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"defaultStatus\": \"unaffected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2026-05-12T14:01:48.857Z\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2026-05-12T12:36:13.948Z\", \"value\": \"Made public.\"}], \"x_adpType\": \"supplier\", \"datePublic\": \"2026-05-12T12:36:13.948Z\", \"references\": [{\"url\": \"https://access.redhat.com/security/cve/CVE-2026-8390\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2476474\", \"name\": \"RHBZ#2476474\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-8390.json\", \"tags\": [\"x_sadp-csaf-vex\"]}], \"x_generator\": {\"engine\": \"sadp-cli 1.0.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw was found in Firefox. The Mozilla Foundation\u0027s Security Advisory describes the following issue:\\nUse-after-free in the JavaScript: WebAssembly component\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-825\", \"description\": \"Expired Pointer Dereference\"}]}], \"providerMetadata\": {\"orgId\": \"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\", \"shortName\": \"redhat-SADP\", \"dateUpdated\": \"2026-06-30T03:18:28.505Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-8390\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-13T18:30:10.726744Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-416\", \"description\": \"CWE-416 Use After Free\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-13T18:30:05.899Z\"}}], \"cna\": {\"title\": \"Use-after-free in the JavaScript: WebAssembly component\", \"credits\": [{\"lang\": \"en\", \"value\": \"OpenAI Preparedness, Bill Demirkapi\"}], \"affected\": [{\"vendor\": \"Mozilla\", \"product\": \"Firefox\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"150.0.3\", \"versionType\": \"rpm\", \"lessThanOrEqual\": \"*\"}]}], \"references\": [{\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=2038081\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2026-45/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150.0.3.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150.0.3.\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"f16b083a-5664-49f3-a51e-8d479e5ed7fe\", \"shortName\": \"mozilla\", \"dateUpdated\": \"2026-05-12T15:57:11.228Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-8390\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-30T03:18:28.505Z\", \"dateReserved\": \"2026-05-12T12:36:13.277Z\", \"assignerOrgId\": \"f16b083a-5664-49f3-a51e-8d479e5ed7fe\", \"datePublished\": \"2026-05-12T12:36:13.948Z\", \"assignerShortName\": \"mozilla\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

CERTFR-2026-AVI-0578

Vulnerability from certfr_avis - Published: 2026-05-13 - Updated: 2026-05-13

De multiples vulnérabilités ont été découvertes dans Mozilla Firefox. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	Mozilla	Firefox	Firefox versions antérieures à 150.0.3

References

Title

Publication Time

CNVD-2026-23638

Vulnerability from cnvd - Published: 2026-06-10

Title

Mozilla Firefox内存错误引用漏洞（CNVD-2026-23638）

Description

Mozilla Firefox是美国Mozilla基金会的一款开源Web浏览器。 Mozilla Firefox存在内存错误引用漏洞，该漏洞源于JavaScript: WebAssembly组件负责释放内存的指令发生混乱。攻击者可利用该漏洞在系统上执行任意代码或造成拒绝服务。

Severity

高

Patch Name

Mozilla Firefox内存错误引用漏洞（CNVD-2026-23638）的补丁

Patch Description

Mozilla Firefox是美国Mozilla基金会的一款开源Web浏览器。 Mozilla Firefox存在内存错误引用漏洞，该漏洞源于JavaScript: WebAssembly组件负责释放内存的指令发生混乱。攻击者可利用该漏洞在系统上执行任意代码或造成拒绝服务。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.firefox.com/zh-CN/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2026-8390

Impacted products

Name
Mozilla Firefox <150.0.3

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2026-8390",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2026-8390"
    }
  },
  "description": "Mozilla Firefox\u662f\u7f8e\u56fdMozilla\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\u3002\n\nMozilla Firefox\u5b58\u5728\u5185\u5b58\u9519\u8bef\u5f15\u7528\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eJavaScript: WebAssembly\u7ec4\u4ef6\u8d1f\u8d23\u91ca\u653e\u5185\u5b58\u7684\u6307\u4ee4\u53d1\u751f\u6df7\u4e71\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u6216\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.firefox.com/zh-CN/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2026-23638",
  "openTime": "2026-06-10",
  "patchDescription": "Mozilla Firefox\u662f\u7f8e\u56fdMozilla\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\u3002\r\n\r\nMozilla Firefox\u5b58\u5728\u5185\u5b58\u9519\u8bef\u5f15\u7528\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eJavaScript: WebAssembly\u7ec4\u4ef6\u8d1f\u8d23\u91ca\u653e\u5185\u5b58\u7684\u6307\u4ee4\u53d1\u751f\u6df7\u4e71\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u4ee3\u7801\u6216\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Mozilla Firefox\u5185\u5b58\u9519\u8bef\u5f15\u7528\u6f0f\u6d1e\uff08CNVD-2026-23638\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Mozilla Firefox \u003c150.0.3"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2026-8390",
  "serverity": "\u9ad8",
  "submitTime": "2026-05-18",
  "title": "Mozilla Firefox\u5185\u5b58\u9519\u8bef\u5f15\u7528\u6f0f\u6d1e\uff08CNVD-2026-23638\uff09"
}

FKIE_CVE-2026-8390

Vulnerability from fkie_nvd - Published: 2026-05-12 14:17 - Updated: 2026-06-17 11:03

Severity

7.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Summary

Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150.0.3.

References

	URL	Tags
	security@mozilla.org	https://bugzilla.mozilla.org/show_bug.cgi?id=2038081	Permissions Required
	security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2026-45/	Vendor Advisory

Impacted products

	Vendor	Product	Version
	mozilla	firefox	*

JSON

To clipboard

{
  "affected": [
    {
      "affectedData": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "150.0.3",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "source": "security@mozilla.org"
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "B13F359A-1C15-48B4-8319-AD42CC852E8C",
              "versionEndExcluding": "150.0.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150.0.3."
    }
  ],
  "id": "CVE-2026-8390",
  "lastModified": "2026-06-17T11:03:52.730",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 7.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.4,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ],
    "ssvcV203": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "ssvcData": {
          "id": "CVE-2026-8390",
          "options": [
            {
              "exploitation": "none"
            },
            {
              "automatable": "yes"
            },
            {
              "technicalImpact": "partial"
            }
          ],
          "role": "CISA Coordinator",
          "timestamp": "2026-05-13T18:30:10.726744Z",
          "version": "2.0.3"
        }
      }
    ]
  },
  "published": "2026-05-12T14:17:12.050",
  "references": [
    {
      "source": "security@mozilla.org",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2038081"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2026-45/"
    }
  ],
  "sourceIdentifier": "security@mozilla.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

GHSA-GGQH-JGM2-3W29

Vulnerability from github – Published: 2026-05-12 15:31 – Updated: 2026-06-30 03:36

Details

Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150.0.3.

Severity

7.3 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2026-8390"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416",
      "CWE-825"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-12T14:17:12Z",
    "severity": "HIGH"
  },
  "details": "Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150.0.3.",
  "id": "GHSA-ggqh-jgm2-3w29",
  "modified": "2026-06-30T03:36:39Z",
  "published": "2026-05-12T15:31:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8390"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2026-8390"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2038081"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476474"
    },
    {
      "type": "WEB",
      "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-8390.json"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2026-45"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

WID-SEC-W-2026-1503

Vulnerability from csaf_certbund - Published: 2026-05-12 22:00 - Updated: 2026-06-16 22:00

Summary

Mozilla Firefox: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Firefox ist ein Open Source Web Browser.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Mozilla Firefox ausnutzen, um nicht näher spezifizierte Angriffe durchzuführen, darunter möglicherweise die Ausführung von Code, die Umgehung von Sicherheitsmaßnahmen, die Offenlegung oder Manipulation von Daten oder die Herbeiführung von Denial-of-Service-Zuständen.

Betroffene Betriebssysteme: - Sonstiges - UNIX - Windows

CVE-2026-8388

Affected products

Known affected 8 products

Product	Identifier	Version
Mozilla Firefox <150.0.3 Mozilla / Firefox		<150.0.3
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—

CVE-2026-8389

Affected products

Known affected 8 products

Product	Identifier	Version
Mozilla Firefox <150.0.3 Mozilla / Firefox		<150.0.3
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—

CVE-2026-8390

Affected products

Known affected 8 products

Product	Identifier	Version
Mozilla Firefox <150.0.3 Mozilla / Firefox		<150.0.3
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—

CVE-2026-8391

Affected products

Known affected 8 products

Product	Identifier	Version
Mozilla Firefox <150.0.3 Mozilla / Firefox		<150.0.3
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—

CVE-2026-8401

Affected products

Known affected 8 products

Product	Identifier	Version
Mozilla Firefox <150.0.3 Mozilla / Firefox		<150.0.3
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—

References

23 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.mozilla.org/en-US/security/advisories…	external
https://lists.opensuse.org/archives/list/security…	external
https://lists.debian.org/debian-lts-announce/2026…	external
https://lists.debian.org/debian-security-announce…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.opensuse.org/archives/list/security…	external
https://access.redhat.com/errata/RHSA-2026:21378	external
https://access.redhat.com/errata/RHSA-2026:21380	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://access.redhat.com/errata/RHSA-2026:21382	external
https://errata.build.resf.org/RLSA-2026:21382	external
https://linux.oracle.com/errata/ELSA-2026-21382.html	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://errata.build.resf.org/RLSA-2026:21378	external
https://kb.igel.com/en/security-safety/current/is…	external
http://linux.oracle.com/errata/ELSA-2026-22643.html	external
https://errata.build.resf.org/RLSA-2026:21380	external
https://access.redhat.com/errata/RHSA-2026:26492	external
https://access.redhat.com/errata/RHSA-2026:26493	external
https://access.redhat.com/errata/RHSA-2026:26491	external
https://access.redhat.com/errata/RHSA-2026:26551	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Firefox ist ein Open Source Web Browser.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Mozilla Firefox ausnutzen, um nicht n\u00e4her spezifizierte Angriffe durchzuf\u00fchren, darunter m\u00f6glicherweise die Ausf\u00fchrung von Code, die Umgehung von Sicherheitsma\u00dfnahmen, die Offenlegung oder Manipulation von Daten oder die Herbeif\u00fchrung von Denial-of-Service-Zust\u00e4nden.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-1503 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1503.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-1503 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1503"
      },
      {
        "category": "external",
        "summary": "Mozilla Security Advisory mfsa2026-45 vom 2026-05-12",
        "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-45/"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:10813-1 vom 2026-05-20",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/N4PBMNGPCFVXRJKTYWURGMAHKO2FKQDE/"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-4592 vom 2026-05-20",
        "url": "https://lists.debian.org/debian-lts-announce/2026/05/msg00037.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-6283 vom 2026-05-20",
        "url": "https://lists.debian.org/debian-security-announce/2026/msg00194.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:2039-1 vom 2026-05-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026240.html"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:20789-1 vom 2026-05-25",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2XKHQFOHFVU7FRH6PM55T4P7D5OPT6NZ/"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:21378 vom 2026-05-27",
        "url": "https://access.redhat.com/errata/RHSA-2026:21378"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:21380 vom 2026-05-27",
        "url": "https://access.redhat.com/errata/RHSA-2026:21380"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:21828-1 vom 2026-05-27",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026321.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:21382 vom 2026-05-27",
        "url": "https://access.redhat.com/errata/RHSA-2026:21382"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:21382 vom 2026-05-29",
        "url": "https://errata.build.resf.org/RLSA-2026:21382"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-21382 vom 2026-05-28",
        "url": "https://linux.oracle.com/errata/ELSA-2026-21382.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:2109-1 vom 2026-05-29",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026378.html"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:21378 vom 2026-05-30",
        "url": "https://errata.build.resf.org/RLSA-2026:21378"
      },
      {
        "category": "external",
        "summary": "IGEL Security Notice ISN-2026-22 vom 2026-06-02",
        "url": "https://kb.igel.com/en/security-safety/current/isn-2026-22-firefox-esr-vulnerabilities"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-22643 vom 2026-06-04",
        "url": "http://linux.oracle.com/errata/ELSA-2026-22643.html"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:21380 vom 2026-06-04",
        "url": "https://errata.build.resf.org/RLSA-2026:21380"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:26492 vom 2026-06-17",
        "url": "https://access.redhat.com/errata/RHSA-2026:26492"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:26493 vom 2026-06-17",
        "url": "https://access.redhat.com/errata/RHSA-2026:26493"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:26491 vom 2026-06-17",
        "url": "https://access.redhat.com/errata/RHSA-2026:26491"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:26551 vom 2026-06-17",
        "url": "https://access.redhat.com/errata/RHSA-2026:26551"
      }
    ],
    "source_lang": "en-US",
    "title": "Mozilla Firefox: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-06-16T22:00:00.000+00:00",
      "generator": {
        "date": "2026-06-17T11:14:54.528+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.6.0"
        }
      },
      "id": "WID-SEC-W-2026-1503",
      "initial_release_date": "2026-05-12T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-05-12T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-05-20T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von openSUSE und Debian aufgenommen"
        },
        {
          "date": "2026-05-21T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2026-05-25T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von openSUSE aufgenommen"
        },
        {
          "date": "2026-05-27T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Red Hat und SUSE aufgenommen"
        },
        {
          "date": "2026-05-28T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Rocky Enterprise Software Foundation und Oracle Linux aufgenommen"
        },
        {
          "date": "2026-05-31T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von SUSE und Rocky Enterprise Software Foundation aufgenommen"
        },
        {
          "date": "2026-06-02T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von IGEL aufgenommen"
        },
        {
          "date": "2026-06-04T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Oracle Linux und Rocky Enterprise Software Foundation aufgenommen"
        },
        {
          "date": "2026-06-16T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von Red Hat aufgenommen"
        }
      ],
      "status": "final",
      "version": "10"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "IGEL OS",
            "product": {
              "name": "IGEL OS",
              "product_id": "T017865",
              "product_identification_helper": {
                "cpe": "cpe:/o:igel:os:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "IGEL"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c150.0.3",
                "product": {
                  "name": "Mozilla Firefox \u003c150.0.3",
                  "product_id": "T053949"
                }
              },
              {
                "category": "product_version",
                "name": "150.0.3",
                "product": {
                  "name": "Mozilla Firefox 150.0.3",
                  "product_id": "T053949-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:mozilla:firefox:150.0.3"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Firefox"
          }
        ],
        "category": "vendor",
        "name": "Mozilla"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "RESF Rocky Linux",
            "product": {
              "name": "RESF Rocky Linux",
              "product_id": "T032255",
              "product_identification_helper": {
                "cpe": "cpe:/o:resf:rocky_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "RESF"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "SUSE openSUSE",
            "product": {
              "name": "SUSE openSUSE",
              "product_id": "T027843",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:opensuse:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-8388",
      "product_status": {
        "known_affected": [
          "T053949",
          "2951",
          "T002207",
          "67646",
          "T017865",
          "T027843",
          "T004914",
          "T032255"
        ]
      },
      "release_date": "2026-05-12T22:00:00.000+00:00",
      "title": "CVE-2026-8388"
    },
    {
      "cve": "CVE-2026-8389",
      "product_status": {
        "known_affected": [
          "T053949",
          "2951",
          "T002207",
          "67646",
          "T017865",
          "T027843",
          "T004914",
          "T032255"
        ]
      },
      "release_date": "2026-05-12T22:00:00.000+00:00",
      "title": "CVE-2026-8389"
    },
    {
      "cve": "CVE-2026-8390",
      "product_status": {
        "known_affected": [
          "T053949",
          "2951",
          "T002207",
          "67646",
          "T017865",
          "T027843",
          "T004914",
          "T032255"
        ]
      },
      "release_date": "2026-05-12T22:00:00.000+00:00",
      "title": "CVE-2026-8390"
    },
    {
      "cve": "CVE-2026-8391",
      "product_status": {
        "known_affected": [
          "T053949",
          "2951",
          "T002207",
          "67646",
          "T017865",
          "T027843",
          "T004914",
          "T032255"
        ]
      },
      "release_date": "2026-05-12T22:00:00.000+00:00",
      "title": "CVE-2026-8391"
    },
    {
      "cve": "CVE-2026-8401",
      "product_status": {
        "known_affected": [
          "T053949",
          "2951",
          "T002207",
          "67646",
          "T017865",
          "T027843",
          "T004914",
          "T032255"
        ]
      },
      "release_date": "2026-05-12T22:00:00.000+00:00",
      "title": "CVE-2026-8401"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-8390 (GCVE-0-2026-8390)

CERTFR-2026-AVI-0578

Solutions

CNVD-2026-23638

FKIE_CVE-2026-8390

GHSA-GGQH-JGM2-3W29

WID-SEC-W-2026-1503

Tags

Sightings

Nomenclature