Vulnerability-Lookup

CVE-2026-8401 (GCVE-0-2026-8401)

Vulnerability from cvelistv5 – Published: 2026-05-12 14:24 – Updated: 2026-05-19 17:10

Title

Sandbox escape in the Profile Backup component

Summary

Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11.

Severity

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: yes Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-693 - Protection Mechanism Failure

Assigner

mozilla

References

5 references

URL	Tags
https://bugzilla.mozilla.org/show_bug.cgi?id=2038679
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

2 products

Vendor	Product	Version
Mozilla	Firefox	Unaffected: 115.36 , ≤ 115.* (rpm) Unaffected: 140.11 , ≤ 140.* (rpm) Unaffected: 150.0.3 , ≤ * (rpm)
Mozilla	Thunderbird	Unaffected: 140.11 , ≤ * (rpm)

Credits

ggwhyp

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-8401",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-14T16:46:22.547730Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-693",
                "description": "CWE-693 Protection Mechanism Failure",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-14T19:54:10.869Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "115.*",
              "status": "unaffected",
              "version": "115.36",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.11",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "150.0.3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "140.11",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "ggwhyp"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11."
            }
          ],
          "value": "Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-19T17:10:47.433Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2038679"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-45/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-47/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-48/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-51/"
        }
      ],
      "title": "Sandbox escape in the Profile Backup component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-8401",
    "datePublished": "2026-05-12T14:24:33.320Z",
    "dateReserved": "2026-05-12T14:19:41.837Z",
    "dateUpdated": "2026-05-19T17:10:47.433Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-8401",
      "date": "2026-06-05",
      "epss": "0.00084",
      "percentile": "0.24553"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-8401\",\"sourceIdentifier\":\"security@mozilla.org\",\"published\":\"2026-05-12T15:16:20.100\",\"lastModified\":\"2026-05-19T18:16:31.523\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-693\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*\",\"versionEndExcluding\":\"150.0.3\",\"matchCriteriaId\":\"B13F359A-1C15-48B4-8319-AD42CC852E8C\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=2038679\",\"source\":\"security@mozilla.org\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2026-45/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2026-47/\",\"source\":\"security@mozilla.org\"},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2026-48/\",\"source\":\"security@mozilla.org\"},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2026-51/\",\"source\":\"security@mozilla.org\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-8401\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-14T16:46:22.547730Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-693\", \"description\": \"CWE-693 Protection Mechanism Failure\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-14T16:45:19.819Z\"}}], \"cna\": {\"title\": \"Sandbox escape in the Profile Backup component\", \"credits\": [{\"lang\": \"en\", \"value\": \"ggwhyp\"}], \"affected\": [{\"vendor\": \"Mozilla\", \"product\": \"Firefox\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"115.36\", \"versionType\": \"rpm\", \"lessThanOrEqual\": \"115.*\"}, {\"status\": \"unaffected\", \"version\": \"140.11\", \"versionType\": \"rpm\", \"lessThanOrEqual\": \"140.*\"}, {\"status\": \"unaffected\", \"version\": \"150.0.3\", \"versionType\": \"rpm\", \"lessThanOrEqual\": \"*\"}]}, {\"vendor\": \"Mozilla\", \"product\": \"Thunderbird\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"140.11\", \"versionType\": \"rpm\", \"lessThanOrEqual\": \"*\"}]}], \"references\": [{\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=2038679\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2026-45/\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2026-47/\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2026-48/\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2026-51/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11.\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"f16b083a-5664-49f3-a51e-8d479e5ed7fe\", \"shortName\": \"mozilla\", \"dateUpdated\": \"2026-05-19T17:10:47.433Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-8401\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-19T17:10:47.433Z\", \"dateReserved\": \"2026-05-12T14:19:41.837Z\", \"assignerOrgId\": \"f16b083a-5664-49f3-a51e-8d479e5ed7fe\", \"datePublished\": \"2026-05-12T14:24:33.320Z\", \"assignerShortName\": \"mozilla\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

WID-SEC-W-2026-1503

Vulnerability from csaf_certbund - Published: 2026-05-12 22:00 - Updated: 2026-06-02 22:00

Summary

Mozilla Firefox: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Firefox ist ein Open Source Web Browser.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Mozilla Firefox ausnutzen, um nicht näher spezifizierte Angriffe durchzuführen, darunter möglicherweise die Ausführung von Code, die Umgehung von Sicherheitsmaßnahmen, die Offenlegung oder Manipulation von Daten oder die Herbeiführung von Denial-of-Service-Zuständen.

Betroffene Betriebssysteme: - Sonstiges - UNIX - Windows

CVE-2026-8388

Affected products

Known affected 8 products

Product	Identifier	Version
Mozilla Firefox <150.0.3 Mozilla / Firefox		<150.0.3
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—

CVE-2026-8389

Affected products

Known affected 8 products

Product	Identifier	Version
Mozilla Firefox <150.0.3 Mozilla / Firefox		<150.0.3
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—

CVE-2026-8390

Affected products

Known affected 8 products

Product	Identifier	Version
Mozilla Firefox <150.0.3 Mozilla / Firefox		<150.0.3
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—

CVE-2026-8391

Affected products

Known affected 8 products

Product	Identifier	Version
Mozilla Firefox <150.0.3 Mozilla / Firefox		<150.0.3
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—

CVE-2026-8401

Affected products

Known affected 8 products

Product	Identifier	Version
Mozilla Firefox <150.0.3 Mozilla / Firefox		<150.0.3
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—

References

17 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.mozilla.org/en-US/security/advisories…	external
https://lists.opensuse.org/archives/list/security…	external
https://lists.debian.org/debian-lts-announce/2026…	external
https://lists.debian.org/debian-security-announce…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.opensuse.org/archives/list/security…	external
https://access.redhat.com/errata/RHSA-2026:21378	external
https://access.redhat.com/errata/RHSA-2026:21380	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://access.redhat.com/errata/RHSA-2026:21382	external
https://errata.build.resf.org/RLSA-2026:21382	external
https://linux.oracle.com/errata/ELSA-2026-21382.html	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://errata.build.resf.org/RLSA-2026:21378	external
https://kb.igel.com/en/security-safety/current/is…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Firefox ist ein Open Source Web Browser.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Mozilla Firefox ausnutzen, um nicht n\u00e4her spezifizierte Angriffe durchzuf\u00fchren, darunter m\u00f6glicherweise die Ausf\u00fchrung von Code, die Umgehung von Sicherheitsma\u00dfnahmen, die Offenlegung oder Manipulation von Daten oder die Herbeif\u00fchrung von Denial-of-Service-Zust\u00e4nden.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-1503 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1503.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-1503 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1503"
      },
      {
        "category": "external",
        "summary": "Mozilla Security Advisory mfsa2026-45 vom 2026-05-12",
        "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-45/"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:10813-1 vom 2026-05-20",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/N4PBMNGPCFVXRJKTYWURGMAHKO2FKQDE/"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-4592 vom 2026-05-20",
        "url": "https://lists.debian.org/debian-lts-announce/2026/05/msg00037.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-6283 vom 2026-05-20",
        "url": "https://lists.debian.org/debian-security-announce/2026/msg00194.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:2039-1 vom 2026-05-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026240.html"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:20789-1 vom 2026-05-25",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2XKHQFOHFVU7FRH6PM55T4P7D5OPT6NZ/"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:21378 vom 2026-05-27",
        "url": "https://access.redhat.com/errata/RHSA-2026:21378"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:21380 vom 2026-05-27",
        "url": "https://access.redhat.com/errata/RHSA-2026:21380"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:21828-1 vom 2026-05-27",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026321.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:21382 vom 2026-05-27",
        "url": "https://access.redhat.com/errata/RHSA-2026:21382"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:21382 vom 2026-05-29",
        "url": "https://errata.build.resf.org/RLSA-2026:21382"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-21382 vom 2026-05-28",
        "url": "https://linux.oracle.com/errata/ELSA-2026-21382.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:2109-1 vom 2026-05-29",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026378.html"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:21378 vom 2026-05-30",
        "url": "https://errata.build.resf.org/RLSA-2026:21378"
      },
      {
        "category": "external",
        "summary": "IGEL Security Notice ISN-2026-22 vom 2026-06-02",
        "url": "https://kb.igel.com/en/security-safety/current/isn-2026-22-firefox-esr-vulnerabilities"
      }
    ],
    "source_lang": "en-US",
    "title": "Mozilla Firefox: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-06-02T22:00:00.000+00:00",
      "generator": {
        "date": "2026-06-03T06:02:32.380+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.6.0"
        }
      },
      "id": "WID-SEC-W-2026-1503",
      "initial_release_date": "2026-05-12T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-05-12T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-05-20T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von openSUSE und Debian aufgenommen"
        },
        {
          "date": "2026-05-21T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2026-05-25T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von openSUSE aufgenommen"
        },
        {
          "date": "2026-05-27T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Red Hat und SUSE aufgenommen"
        },
        {
          "date": "2026-05-28T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Rocky Enterprise Software Foundation und Oracle Linux aufgenommen"
        },
        {
          "date": "2026-05-31T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von SUSE und Rocky Enterprise Software Foundation aufgenommen"
        },
        {
          "date": "2026-06-02T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von IGEL aufgenommen"
        }
      ],
      "status": "final",
      "version": "8"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "IGEL OS",
            "product": {
              "name": "IGEL OS",
              "product_id": "T017865",
              "product_identification_helper": {
                "cpe": "cpe:/o:igel:os:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "IGEL"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c150.0.3",
                "product": {
                  "name": "Mozilla Firefox \u003c150.0.3",
                  "product_id": "T053949"
                }
              },
              {
                "category": "product_version",
                "name": "150.0.3",
                "product": {
                  "name": "Mozilla Firefox 150.0.3",
                  "product_id": "T053949-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:mozilla:firefox:150.0.3"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Firefox"
          }
        ],
        "category": "vendor",
        "name": "Mozilla"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "RESF Rocky Linux",
            "product": {
              "name": "RESF Rocky Linux",
              "product_id": "T032255",
              "product_identification_helper": {
                "cpe": "cpe:/o:resf:rocky_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "RESF"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "SUSE openSUSE",
            "product": {
              "name": "SUSE openSUSE",
              "product_id": "T027843",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:opensuse:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-8388",
      "product_status": {
        "known_affected": [
          "T053949",
          "2951",
          "T002207",
          "67646",
          "T017865",
          "T027843",
          "T004914",
          "T032255"
        ]
      },
      "release_date": "2026-05-12T22:00:00.000+00:00",
      "title": "CVE-2026-8388"
    },
    {
      "cve": "CVE-2026-8389",
      "product_status": {
        "known_affected": [
          "T053949",
          "2951",
          "T002207",
          "67646",
          "T017865",
          "T027843",
          "T004914",
          "T032255"
        ]
      },
      "release_date": "2026-05-12T22:00:00.000+00:00",
      "title": "CVE-2026-8389"
    },
    {
      "cve": "CVE-2026-8390",
      "product_status": {
        "known_affected": [
          "T053949",
          "2951",
          "T002207",
          "67646",
          "T017865",
          "T027843",
          "T004914",
          "T032255"
        ]
      },
      "release_date": "2026-05-12T22:00:00.000+00:00",
      "title": "CVE-2026-8390"
    },
    {
      "cve": "CVE-2026-8391",
      "product_status": {
        "known_affected": [
          "T053949",
          "2951",
          "T002207",
          "67646",
          "T017865",
          "T027843",
          "T004914",
          "T032255"
        ]
      },
      "release_date": "2026-05-12T22:00:00.000+00:00",
      "title": "CVE-2026-8391"
    },
    {
      "cve": "CVE-2026-8401",
      "product_status": {
        "known_affected": [
          "T053949",
          "2951",
          "T002207",
          "67646",
          "T017865",
          "T027843",
          "T004914",
          "T032255"
        ]
      },
      "release_date": "2026-05-12T22:00:00.000+00:00",
      "title": "CVE-2026-8401"
    }
  ]
}

WID-SEC-W-2026-1606

Vulnerability from csaf_certbund - Published: 2026-05-19 22:00 - Updated: 2026-06-02 22:00

Summary

Mozilla Firefox und Thunderbird: Mehrere Schwachstellen

Severity

Hoch

Notes

Produktbeschreibung: Firefox ist ein Open Source Web Browser. ESR ist die Variante mit verlängertem Support. Thunderbird ist ein Open Source E-Mail Client.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Mozilla Firefox, Mozilla Firefox ESR und Mozilla Thunderbird ausnutzen, um beliebigen Code auszuführen, um Informationen offenzulegen, Sicherheitsbeschränkungen zu umgehen (z. B. Sandbox-Escape), den Benutzer zu täuschen, Berechtigungen zu eskalieren oder einen Denial-of-Service-Zustand herbeizuführen.

Betroffene Betriebssysteme: - Android - iPhoneOS - Linux - MacOS X - Windows

CVE-2026-8388

Affected products

Known affected 12 products

Product	Identifier	Version
Mozilla Thunderbird <151 Mozilla / Thunderbird		<151
Mozilla Firefox ESR <140.11 Mozilla / Firefox ESR		<140.11
Mozilla Firefox ESR <115.36 Mozilla / Firefox ESR		<115.36
Mozilla Firefox <151 Mozilla / Firefox		<151
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Mozilla Thunderbird <140.11 Mozilla / Thunderbird		<140.11

CVE-2026-8391

Affected products

Known affected 12 products

Product	Identifier	Version
Mozilla Thunderbird <151 Mozilla / Thunderbird		<151
Mozilla Firefox ESR <140.11 Mozilla / Firefox ESR		<140.11
Mozilla Firefox ESR <115.36 Mozilla / Firefox ESR		<115.36
Mozilla Firefox <151 Mozilla / Firefox		<151
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Mozilla Thunderbird <140.11 Mozilla / Thunderbird		<140.11

CVE-2026-8401

Affected products

Known affected 12 products

Product	Identifier	Version
Mozilla Thunderbird <151 Mozilla / Thunderbird		<151
Mozilla Firefox ESR <140.11 Mozilla / Firefox ESR		<140.11
Mozilla Firefox ESR <115.36 Mozilla / Firefox ESR		<115.36
Mozilla Firefox <151 Mozilla / Firefox		<151
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Mozilla Thunderbird <140.11 Mozilla / Thunderbird		<140.11

CVE-2026-8706

Affected products

Known affected 12 products

Product	Identifier	Version
Mozilla Thunderbird <151 Mozilla / Thunderbird		<151
Mozilla Firefox ESR <140.11 Mozilla / Firefox ESR		<140.11
Mozilla Firefox ESR <115.36 Mozilla / Firefox ESR		<115.36
Mozilla Firefox <151 Mozilla / Firefox		<151
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Mozilla Thunderbird <140.11 Mozilla / Thunderbird		<140.11

CVE-2026-8945

Affected products

Known affected 12 products

Product	Identifier	Version
Mozilla Thunderbird <151 Mozilla / Thunderbird		<151
Mozilla Firefox ESR <140.11 Mozilla / Firefox ESR		<140.11
Mozilla Firefox ESR <115.36 Mozilla / Firefox ESR		<115.36
Mozilla Firefox <151 Mozilla / Firefox		<151
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Mozilla Thunderbird <140.11 Mozilla / Thunderbird		<140.11

CVE-2026-8946

Affected products

Known affected 12 products

Product	Identifier	Version
Mozilla Thunderbird <151 Mozilla / Thunderbird		<151
Mozilla Firefox ESR <140.11 Mozilla / Firefox ESR		<140.11
Mozilla Firefox ESR <115.36 Mozilla / Firefox ESR		<115.36
Mozilla Firefox <151 Mozilla / Firefox		<151
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Mozilla Thunderbird <140.11 Mozilla / Thunderbird		<140.11

CVE-2026-8947

Affected products

Known affected 12 products

Product	Identifier	Version
Mozilla Thunderbird <151 Mozilla / Thunderbird		<151
Mozilla Firefox ESR <140.11 Mozilla / Firefox ESR		<140.11
Mozilla Firefox ESR <115.36 Mozilla / Firefox ESR		<115.36
Mozilla Firefox <151 Mozilla / Firefox		<151
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Mozilla Thunderbird <140.11 Mozilla / Thunderbird		<140.11

CVE-2026-8948

Affected products

Known affected 12 products

Product	Identifier	Version
Mozilla Thunderbird <151 Mozilla / Thunderbird		<151
Mozilla Firefox ESR <140.11 Mozilla / Firefox ESR		<140.11
Mozilla Firefox ESR <115.36 Mozilla / Firefox ESR		<115.36
Mozilla Firefox <151 Mozilla / Firefox		<151
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Mozilla Thunderbird <140.11 Mozilla / Thunderbird		<140.11

CVE-2026-8949

Affected products

Known affected 12 products

Product	Identifier	Version
Mozilla Thunderbird <151 Mozilla / Thunderbird		<151
Mozilla Firefox ESR <140.11 Mozilla / Firefox ESR		<140.11
Mozilla Firefox ESR <115.36 Mozilla / Firefox ESR		<115.36
Mozilla Firefox <151 Mozilla / Firefox		<151
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Mozilla Thunderbird <140.11 Mozilla / Thunderbird		<140.11

CVE-2026-8950

Affected products

Known affected 12 products

Product	Identifier	Version
Mozilla Thunderbird <151 Mozilla / Thunderbird		<151
Mozilla Firefox ESR <140.11 Mozilla / Firefox ESR		<140.11
Mozilla Firefox ESR <115.36 Mozilla / Firefox ESR		<115.36
Mozilla Firefox <151 Mozilla / Firefox		<151
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Mozilla Thunderbird <140.11 Mozilla / Thunderbird		<140.11

CVE-2026-8951

Affected products

Known affected 12 products

Product	Identifier	Version
Mozilla Thunderbird <151 Mozilla / Thunderbird		<151
Mozilla Firefox ESR <140.11 Mozilla / Firefox ESR		<140.11
Mozilla Firefox ESR <115.36 Mozilla / Firefox ESR		<115.36
Mozilla Firefox <151 Mozilla / Firefox		<151
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Mozilla Thunderbird <140.11 Mozilla / Thunderbird		<140.11

CVE-2026-8952

Affected products

Known affected 12 products

Product	Identifier	Version
Mozilla Thunderbird <151 Mozilla / Thunderbird		<151
Mozilla Firefox ESR <140.11 Mozilla / Firefox ESR		<140.11
Mozilla Firefox ESR <115.36 Mozilla / Firefox ESR		<115.36
Mozilla Firefox <151 Mozilla / Firefox		<151
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Mozilla Thunderbird <140.11 Mozilla / Thunderbird		<140.11

CVE-2026-8953

Affected products

Known affected 12 products

Product	Identifier	Version
Mozilla Thunderbird <151 Mozilla / Thunderbird		<151
Mozilla Firefox ESR <140.11 Mozilla / Firefox ESR		<140.11
Mozilla Firefox ESR <115.36 Mozilla / Firefox ESR		<115.36
Mozilla Firefox <151 Mozilla / Firefox		<151
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Mozilla Thunderbird <140.11 Mozilla / Thunderbird		<140.11

CVE-2026-8954

Affected products

Known affected 12 products

Product	Identifier	Version
Mozilla Thunderbird <151 Mozilla / Thunderbird		<151
Mozilla Firefox ESR <140.11 Mozilla / Firefox ESR		<140.11
Mozilla Firefox ESR <115.36 Mozilla / Firefox ESR		<115.36
Mozilla Firefox <151 Mozilla / Firefox		<151
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Mozilla Thunderbird <140.11 Mozilla / Thunderbird		<140.11

CVE-2026-8955

Affected products

Known affected 12 products

Product	Identifier	Version
Mozilla Thunderbird <151 Mozilla / Thunderbird		<151
Mozilla Firefox ESR <140.11 Mozilla / Firefox ESR		<140.11
Mozilla Firefox ESR <115.36 Mozilla / Firefox ESR		<115.36
Mozilla Firefox <151 Mozilla / Firefox		<151
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Mozilla Thunderbird <140.11 Mozilla / Thunderbird		<140.11

CVE-2026-8956

Affected products

Known affected 12 products

Product	Identifier	Version
Mozilla Thunderbird <151 Mozilla / Thunderbird		<151
Mozilla Firefox ESR <140.11 Mozilla / Firefox ESR		<140.11
Mozilla Firefox ESR <115.36 Mozilla / Firefox ESR		<115.36
Mozilla Firefox <151 Mozilla / Firefox		<151
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Mozilla Thunderbird <140.11 Mozilla / Thunderbird		<140.11

CVE-2026-8957

Affected products

Known affected 12 products

Product	Identifier	Version
Mozilla Thunderbird <151 Mozilla / Thunderbird		<151
Mozilla Firefox ESR <140.11 Mozilla / Firefox ESR		<140.11
Mozilla Firefox ESR <115.36 Mozilla / Firefox ESR		<115.36
Mozilla Firefox <151 Mozilla / Firefox		<151
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Mozilla Thunderbird <140.11 Mozilla / Thunderbird		<140.11

CVE-2026-8958

Affected products

Known affected 12 products

Product	Identifier	Version
Mozilla Thunderbird <151 Mozilla / Thunderbird		<151
Mozilla Firefox ESR <140.11 Mozilla / Firefox ESR		<140.11
Mozilla Firefox ESR <115.36 Mozilla / Firefox ESR		<115.36
Mozilla Firefox <151 Mozilla / Firefox		<151
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Mozilla Thunderbird <140.11 Mozilla / Thunderbird		<140.11

CVE-2026-8959

Affected products

Known affected 12 products

Product	Identifier	Version
Mozilla Thunderbird <151 Mozilla / Thunderbird		<151
Mozilla Firefox ESR <140.11 Mozilla / Firefox ESR		<140.11
Mozilla Firefox ESR <115.36 Mozilla / Firefox ESR		<115.36
Mozilla Firefox <151 Mozilla / Firefox		<151
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Mozilla Thunderbird <140.11 Mozilla / Thunderbird		<140.11

CVE-2026-8960

Affected products

Known affected 12 products

Product	Identifier	Version
Mozilla Thunderbird <151 Mozilla / Thunderbird		<151
Mozilla Firefox ESR <140.11 Mozilla / Firefox ESR		<140.11
Mozilla Firefox ESR <115.36 Mozilla / Firefox ESR		<115.36
Mozilla Firefox <151 Mozilla / Firefox		<151
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Mozilla Thunderbird <140.11 Mozilla / Thunderbird		<140.11

CVE-2026-8961

Affected products

Known affected 12 products

Product	Identifier	Version
Mozilla Thunderbird <151 Mozilla / Thunderbird		<151
Mozilla Firefox ESR <140.11 Mozilla / Firefox ESR		<140.11
Mozilla Firefox ESR <115.36 Mozilla / Firefox ESR		<115.36
Mozilla Firefox <151 Mozilla / Firefox		<151
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Mozilla Thunderbird <140.11 Mozilla / Thunderbird		<140.11

CVE-2026-8962

Affected products

Known affected 12 products

Product	Identifier	Version
Mozilla Thunderbird <151 Mozilla / Thunderbird		<151
Mozilla Firefox ESR <140.11 Mozilla / Firefox ESR		<140.11
Mozilla Firefox ESR <115.36 Mozilla / Firefox ESR		<115.36
Mozilla Firefox <151 Mozilla / Firefox		<151
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Mozilla Thunderbird <140.11 Mozilla / Thunderbird		<140.11

CVE-2026-8963

Affected products

Known affected 12 products

Product	Identifier	Version
Mozilla Thunderbird <151 Mozilla / Thunderbird		<151
Mozilla Firefox ESR <140.11 Mozilla / Firefox ESR		<140.11
Mozilla Firefox ESR <115.36 Mozilla / Firefox ESR		<115.36
Mozilla Firefox <151 Mozilla / Firefox		<151
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Mozilla Thunderbird <140.11 Mozilla / Thunderbird		<140.11

CVE-2026-8964

Affected products

Known affected 12 products

Product	Identifier	Version
Mozilla Thunderbird <151 Mozilla / Thunderbird		<151
Mozilla Firefox ESR <140.11 Mozilla / Firefox ESR		<140.11
Mozilla Firefox ESR <115.36 Mozilla / Firefox ESR		<115.36
Mozilla Firefox <151 Mozilla / Firefox		<151
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Mozilla Thunderbird <140.11 Mozilla / Thunderbird		<140.11

CVE-2026-8965

Affected products

Known affected 12 products

Product	Identifier	Version
Mozilla Thunderbird <151 Mozilla / Thunderbird		<151
Mozilla Firefox ESR <140.11 Mozilla / Firefox ESR		<140.11
Mozilla Firefox ESR <115.36 Mozilla / Firefox ESR		<115.36
Mozilla Firefox <151 Mozilla / Firefox		<151
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Mozilla Thunderbird <140.11 Mozilla / Thunderbird		<140.11

CVE-2026-8966

Affected products

Known affected 12 products

Product	Identifier	Version
Mozilla Thunderbird <151 Mozilla / Thunderbird		<151
Mozilla Firefox ESR <140.11 Mozilla / Firefox ESR		<140.11
Mozilla Firefox ESR <115.36 Mozilla / Firefox ESR		<115.36
Mozilla Firefox <151 Mozilla / Firefox		<151
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Mozilla Thunderbird <140.11 Mozilla / Thunderbird		<140.11

CVE-2026-8967

Affected products

Known affected 12 products

Product	Identifier	Version
Mozilla Thunderbird <151 Mozilla / Thunderbird		<151
Mozilla Firefox ESR <140.11 Mozilla / Firefox ESR		<140.11
Mozilla Firefox ESR <115.36 Mozilla / Firefox ESR		<115.36
Mozilla Firefox <151 Mozilla / Firefox		<151
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Mozilla Thunderbird <140.11 Mozilla / Thunderbird		<140.11

CVE-2026-8968

Affected products

Known affected 12 products

Product	Identifier	Version
Mozilla Thunderbird <151 Mozilla / Thunderbird		<151
Mozilla Firefox ESR <140.11 Mozilla / Firefox ESR		<140.11
Mozilla Firefox ESR <115.36 Mozilla / Firefox ESR		<115.36
Mozilla Firefox <151 Mozilla / Firefox		<151
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Mozilla Thunderbird <140.11 Mozilla / Thunderbird		<140.11

CVE-2026-8969

Affected products

Known affected 12 products

Product	Identifier	Version
Mozilla Thunderbird <151 Mozilla / Thunderbird		<151
Mozilla Firefox ESR <140.11 Mozilla / Firefox ESR		<140.11
Mozilla Firefox ESR <115.36 Mozilla / Firefox ESR		<115.36
Mozilla Firefox <151 Mozilla / Firefox		<151
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Mozilla Thunderbird <140.11 Mozilla / Thunderbird		<140.11

CVE-2026-8970

Affected products

Known affected 12 products

Product	Identifier	Version
Mozilla Thunderbird <151 Mozilla / Thunderbird		<151
Mozilla Firefox ESR <140.11 Mozilla / Firefox ESR		<140.11
Mozilla Firefox ESR <115.36 Mozilla / Firefox ESR		<115.36
Mozilla Firefox <151 Mozilla / Firefox		<151
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Mozilla Thunderbird <140.11 Mozilla / Thunderbird		<140.11

CVE-2026-8971

Affected products

Known affected 12 products

Product	Identifier	Version
Mozilla Thunderbird <151 Mozilla / Thunderbird		<151
Mozilla Firefox ESR <140.11 Mozilla / Firefox ESR		<140.11
Mozilla Firefox ESR <115.36 Mozilla / Firefox ESR		<115.36
Mozilla Firefox <151 Mozilla / Firefox		<151
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Mozilla Thunderbird <140.11 Mozilla / Thunderbird		<140.11

CVE-2026-8972

Affected products

Known affected 12 products

Product	Identifier	Version
Mozilla Thunderbird <151 Mozilla / Thunderbird		<151
Mozilla Firefox ESR <140.11 Mozilla / Firefox ESR		<140.11
Mozilla Firefox ESR <115.36 Mozilla / Firefox ESR		<115.36
Mozilla Firefox <151 Mozilla / Firefox		<151
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Mozilla Thunderbird <140.11 Mozilla / Thunderbird		<140.11

CVE-2026-8973

Affected products

Known affected 12 products

Product	Identifier	Version
Mozilla Thunderbird <151 Mozilla / Thunderbird		<151
Mozilla Firefox ESR <140.11 Mozilla / Firefox ESR		<140.11
Mozilla Firefox ESR <115.36 Mozilla / Firefox ESR		<115.36
Mozilla Firefox <151 Mozilla / Firefox		<151
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Mozilla Thunderbird <140.11 Mozilla / Thunderbird		<140.11

CVE-2026-8974

Affected products

Known affected 12 products

Product	Identifier	Version
Mozilla Thunderbird <151 Mozilla / Thunderbird		<151
Mozilla Firefox ESR <140.11 Mozilla / Firefox ESR		<140.11
Mozilla Firefox ESR <115.36 Mozilla / Firefox ESR		<115.36
Mozilla Firefox <151 Mozilla / Firefox		<151
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Mozilla Thunderbird <140.11 Mozilla / Thunderbird		<140.11

CVE-2026-8975

Affected products

Known affected 12 products

Product	Identifier	Version
Mozilla Thunderbird <151 Mozilla / Thunderbird		<151
Mozilla Firefox ESR <140.11 Mozilla / Firefox ESR		<140.11
Mozilla Firefox ESR <115.36 Mozilla / Firefox ESR		<115.36
Mozilla Firefox <151 Mozilla / Firefox		<151
Debian Linux Debian	`cpe:/o:debian:debian_linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
IGEL OS IGEL	`cpe:/o:igel:os:-`	—
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Mozilla Thunderbird <140.11 Mozilla / Thunderbird		<140.11

References

30 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.mozilla.org/en-US/security/advisories…	external
https://www.mozilla.org/en-US/security/advisories…	external
https://www.mozilla.org/en-US/security/advisories…	external
https://www.mozilla.org/en-US/security/advisories…	external
https://www.mozilla.org/en-US/security/advisories…	external
https://www.mozilla.org/en-US/security/advisories…	external
https://lists.opensuse.org/archives/list/security…	external
https://lists.debian.org/debian-lts-announce/2026…	external
https://lists.debian.org/debian-security-announce…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.debian.org/debian-security-announce…	external
https://lists.debian.org/debian-lts-announce/2026…	external
https://lists.opensuse.org/archives/list/security…	external
https://access.redhat.com/errata/RHSA-2026:21382	external
https://access.redhat.com/errata/RHSA-2026:21380	external
https://access.redhat.com/errata/RHSA-2026:21378	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://access.redhat.com/errata/RHSA-2026:21381	external
https://lists.opensuse.org/archives/list/security…	external
https://linux.oracle.com/errata/ELSA-2026-21382.html	external
https://lists.opensuse.org/archives/list/security…	external
https://errata.build.resf.org/RLSA-2026:21382	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://errata.build.resf.org/RLSA-2026:21381	external
https://errata.build.resf.org/RLSA-2026:21378	external
https://access.redhat.com/errata/RHSA-2026:22325	external
https://access.redhat.com/errata/RHSA-2026:22643	external
https://kb.igel.com/en/security-safety/current/is…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Firefox ist ein Open Source Web Browser. \r\nESR ist die Variante mit verl\u00e4ngertem Support.\r\nThunderbird ist ein Open Source E-Mail Client.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Mozilla Firefox, Mozilla Firefox ESR und Mozilla Thunderbird ausnutzen, um beliebigen Code auszuf\u00fchren, um Informationen offenzulegen, Sicherheitsbeschr\u00e4nkungen zu umgehen (z. B. Sandbox-Escape), den Benutzer zu t\u00e4uschen, Berechtigungen zu eskalieren oder einen Denial-of-Service-Zustand herbeizuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Android\n- iPhoneOS\n- Linux\n- MacOS X\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-1606 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1606.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-1606 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1606"
      },
      {
        "category": "external",
        "summary": "Mozilla Security Advisory mfsa2026-46 vom 2026-05-19",
        "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/"
      },
      {
        "category": "external",
        "summary": "Mozilla Security Advisory mfsa2026-47 vom 2026-05-19",
        "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-47/"
      },
      {
        "category": "external",
        "summary": "Mozilla Security Advisory mfsa2026-48 vom 2026-05-19",
        "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/"
      },
      {
        "category": "external",
        "summary": "Mozilla Security Advisory mfsa2026-49 vom 2026-05-19",
        "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-49/"
      },
      {
        "category": "external",
        "summary": "Mozilla Security Advisory mfsa2026-50 vom 2026-05-19",
        "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-50/"
      },
      {
        "category": "external",
        "summary": "Mozilla Security Advisory mfsa2026-51 vom 2026-05-19",
        "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:10813-1 vom 2026-05-20",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/N4PBMNGPCFVXRJKTYWURGMAHKO2FKQDE/"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-4592 vom 2026-05-20",
        "url": "https://lists.debian.org/debian-lts-announce/2026/05/msg00037.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-6283 vom 2026-05-20",
        "url": "https://lists.debian.org/debian-security-announce/2026/msg00194.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:2039-1 vom 2026-05-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026240.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-6288 vom 2026-05-21",
        "url": "https://lists.debian.org/debian-security-announce/2026/msg00199.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-4594 vom 2026-05-22",
        "url": "https://lists.debian.org/debian-lts-announce/2026/05/msg00039.html"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:20789-1 vom 2026-05-25",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2XKHQFOHFVU7FRH6PM55T4P7D5OPT6NZ/"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:21382 vom 2026-05-27",
        "url": "https://access.redhat.com/errata/RHSA-2026:21382"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:21380 vom 2026-05-27",
        "url": "https://access.redhat.com/errata/RHSA-2026:21380"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:21378 vom 2026-05-27",
        "url": "https://access.redhat.com/errata/RHSA-2026:21378"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:21828-1 vom 2026-05-27",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026321.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:21381 vom 2026-05-27",
        "url": "https://access.redhat.com/errata/RHSA-2026:21381"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:10863-1 vom 2026-05-28",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/K5XOKX5RBFOVIL522NO3N6BOVHY4P2Q7/"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-21382 vom 2026-05-28",
        "url": "https://linux.oracle.com/errata/ELSA-2026-21382.html"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:10864-1 vom 2026-05-28",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UBJIBUOS3WETGSITABGASMM7ABVFBZ2V/"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:21382 vom 2026-05-29",
        "url": "https://errata.build.resf.org/RLSA-2026:21382"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:2109-1 vom 2026-05-29",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026378.html"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:21381 vom 2026-05-30",
        "url": "https://errata.build.resf.org/RLSA-2026:21381"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:21378 vom 2026-05-30",
        "url": "https://errata.build.resf.org/RLSA-2026:21378"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:22325 vom 2026-06-01",
        "url": "https://access.redhat.com/errata/RHSA-2026:22325"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:22643 vom 2026-06-02",
        "url": "https://access.redhat.com/errata/RHSA-2026:22643"
      },
      {
        "category": "external",
        "summary": "IGEL Security Notice ISN-2026-22 vom 2026-06-02",
        "url": "https://kb.igel.com/en/security-safety/current/isn-2026-22-firefox-esr-vulnerabilities"
      }
    ],
    "source_lang": "en-US",
    "title": "Mozilla Firefox und Thunderbird: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-06-02T22:00:00.000+00:00",
      "generator": {
        "date": "2026-06-03T06:02:26.309+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.6.0"
        }
      },
      "id": "WID-SEC-W-2026-1606",
      "initial_release_date": "2026-05-19T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-05-19T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-05-20T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von openSUSE und Debian aufgenommen"
        },
        {
          "date": "2026-05-21T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von SUSE und Debian aufgenommen"
        },
        {
          "date": "2026-05-25T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Debian und openSUSE aufgenommen"
        },
        {
          "date": "2026-05-27T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Red Hat und SUSE aufgenommen"
        },
        {
          "date": "2026-05-28T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von openSUSE, Oracle Linux und Rocky Enterprise Software Foundation aufgenommen"
        },
        {
          "date": "2026-05-31T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von SUSE und Rocky Enterprise Software Foundation aufgenommen"
        },
        {
          "date": "2026-06-01T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-06-02T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Red Hat und IGEL aufgenommen"
        }
      ],
      "status": "final",
      "version": "9"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "IGEL OS",
            "product": {
              "name": "IGEL OS",
              "product_id": "T017865",
              "product_identification_helper": {
                "cpe": "cpe:/o:igel:os:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "IGEL"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c151",
                "product": {
                  "name": "Mozilla Firefox \u003c151",
                  "product_id": "T054362"
                }
              },
              {
                "category": "product_version",
                "name": "151",
                "product": {
                  "name": "Mozilla Firefox 151",
                  "product_id": "T054362-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:mozilla:firefox:151"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Firefox"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c115.36",
                "product": {
                  "name": "Mozilla Firefox ESR \u003c115.36",
                  "product_id": "T054363"
                }
              },
              {
                "category": "product_version",
                "name": "115.36",
                "product": {
                  "name": "Mozilla Firefox ESR 115.36",
                  "product_id": "T054363-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:mozilla:firefox_esr:115.36"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c140.11",
                "product": {
                  "name": "Mozilla Firefox ESR \u003c140.11",
                  "product_id": "T054364"
                }
              },
              {
                "category": "product_version",
                "name": "140.11",
                "product": {
                  "name": "Mozilla Firefox ESR 140.11",
                  "product_id": "T054364-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:mozilla:firefox_esr:140.11"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Firefox ESR"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c151",
                "product": {
                  "name": "Mozilla Thunderbird \u003c151",
                  "product_id": "T054365"
                }
              },
              {
                "category": "product_version",
                "name": "151",
                "product": {
                  "name": "Mozilla Thunderbird 151",
                  "product_id": "T054365-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:mozilla:thunderbird:151"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c140.11",
                "product": {
                  "name": "Mozilla Thunderbird \u003c140.11",
                  "product_id": "T054366"
                }
              },
              {
                "category": "product_version",
                "name": "140.11",
                "product": {
                  "name": "Mozilla Thunderbird 140.11",
                  "product_id": "T054366-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:mozilla:thunderbird:140.11"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Thunderbird"
          }
        ],
        "category": "vendor",
        "name": "Mozilla"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "RESF Rocky Linux",
            "product": {
              "name": "RESF Rocky Linux",
              "product_id": "T032255",
              "product_identification_helper": {
                "cpe": "cpe:/o:resf:rocky_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "RESF"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "SUSE openSUSE",
            "product": {
              "name": "SUSE openSUSE",
              "product_id": "T027843",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:opensuse:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-8388",
      "product_status": {
        "known_affected": [
          "T054365",
          "T054364",
          "T054363",
          "T054362",
          "2951",
          "T002207",
          "67646",
          "T017865",
          "T027843",
          "T004914",
          "T032255",
          "T054366"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-8388"
    },
    {
      "cve": "CVE-2026-8391",
      "product_status": {
        "known_affected": [
          "T054365",
          "T054364",
          "T054363",
          "T054362",
          "2951",
          "T002207",
          "67646",
          "T017865",
          "T027843",
          "T004914",
          "T032255",
          "T054366"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-8391"
    },
    {
      "cve": "CVE-2026-8401",
      "product_status": {
        "known_affected": [
          "T054365",
          "T054364",
          "T054363",
          "T054362",
          "2951",
          "T002207",
          "67646",
          "T017865",
          "T027843",
          "T004914",
          "T032255",
          "T054366"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-8401"
    },
    {
      "cve": "CVE-2026-8706",
      "product_status": {
        "known_affected": [
          "T054365",
          "T054364",
          "T054363",
          "T054362",
          "2951",
          "T002207",
          "67646",
          "T017865",
          "T027843",
          "T004914",
          "T032255",
          "T054366"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-8706"
    },
    {
      "cve": "CVE-2026-8945",
      "product_status": {
        "known_affected": [
          "T054365",
          "T054364",
          "T054363",
          "T054362",
          "2951",
          "T002207",
          "67646",
          "T017865",
          "T027843",
          "T004914",
          "T032255",
          "T054366"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-8945"
    },
    {
      "cve": "CVE-2026-8946",
      "product_status": {
        "known_affected": [
          "T054365",
          "T054364",
          "T054363",
          "T054362",
          "2951",
          "T002207",
          "67646",
          "T017865",
          "T027843",
          "T004914",
          "T032255",
          "T054366"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-8946"
    },
    {
      "cve": "CVE-2026-8947",
      "product_status": {
        "known_affected": [
          "T054365",
          "T054364",
          "T054363",
          "T054362",
          "2951",
          "T002207",
          "67646",
          "T017865",
          "T027843",
          "T004914",
          "T032255",
          "T054366"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-8947"
    },
    {
      "cve": "CVE-2026-8948",
      "product_status": {
        "known_affected": [
          "T054365",
          "T054364",
          "T054363",
          "T054362",
          "2951",
          "T002207",
          "67646",
          "T017865",
          "T027843",
          "T004914",
          "T032255",
          "T054366"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-8948"
    },
    {
      "cve": "CVE-2026-8949",
      "product_status": {
        "known_affected": [
          "T054365",
          "T054364",
          "T054363",
          "T054362",
          "2951",
          "T002207",
          "67646",
          "T017865",
          "T027843",
          "T004914",
          "T032255",
          "T054366"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-8949"
    },
    {
      "cve": "CVE-2026-8950",
      "product_status": {
        "known_affected": [
          "T054365",
          "T054364",
          "T054363",
          "T054362",
          "2951",
          "T002207",
          "67646",
          "T017865",
          "T027843",
          "T004914",
          "T032255",
          "T054366"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-8950"
    },
    {
      "cve": "CVE-2026-8951",
      "product_status": {
        "known_affected": [
          "T054365",
          "T054364",
          "T054363",
          "T054362",
          "2951",
          "T002207",
          "67646",
          "T017865",
          "T027843",
          "T004914",
          "T032255",
          "T054366"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-8951"
    },
    {
      "cve": "CVE-2026-8952",
      "product_status": {
        "known_affected": [
          "T054365",
          "T054364",
          "T054363",
          "T054362",
          "2951",
          "T002207",
          "67646",
          "T017865",
          "T027843",
          "T004914",
          "T032255",
          "T054366"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-8952"
    },
    {
      "cve": "CVE-2026-8953",
      "product_status": {
        "known_affected": [
          "T054365",
          "T054364",
          "T054363",
          "T054362",
          "2951",
          "T002207",
          "67646",
          "T017865",
          "T027843",
          "T004914",
          "T032255",
          "T054366"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-8953"
    },
    {
      "cve": "CVE-2026-8954",
      "product_status": {
        "known_affected": [
          "T054365",
          "T054364",
          "T054363",
          "T054362",
          "2951",
          "T002207",
          "67646",
          "T017865",
          "T027843",
          "T004914",
          "T032255",
          "T054366"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-8954"
    },
    {
      "cve": "CVE-2026-8955",
      "product_status": {
        "known_affected": [
          "T054365",
          "T054364",
          "T054363",
          "T054362",
          "2951",
          "T002207",
          "67646",
          "T017865",
          "T027843",
          "T004914",
          "T032255",
          "T054366"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-8955"
    },
    {
      "cve": "CVE-2026-8956",
      "product_status": {
        "known_affected": [
          "T054365",
          "T054364",
          "T054363",
          "T054362",
          "2951",
          "T002207",
          "67646",
          "T017865",
          "T027843",
          "T004914",
          "T032255",
          "T054366"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-8956"
    },
    {
      "cve": "CVE-2026-8957",
      "product_status": {
        "known_affected": [
          "T054365",
          "T054364",
          "T054363",
          "T054362",
          "2951",
          "T002207",
          "67646",
          "T017865",
          "T027843",
          "T004914",
          "T032255",
          "T054366"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-8957"
    },
    {
      "cve": "CVE-2026-8958",
      "product_status": {
        "known_affected": [
          "T054365",
          "T054364",
          "T054363",
          "T054362",
          "2951",
          "T002207",
          "67646",
          "T017865",
          "T027843",
          "T004914",
          "T032255",
          "T054366"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-8958"
    },
    {
      "cve": "CVE-2026-8959",
      "product_status": {
        "known_affected": [
          "T054365",
          "T054364",
          "T054363",
          "T054362",
          "2951",
          "T002207",
          "67646",
          "T017865",
          "T027843",
          "T004914",
          "T032255",
          "T054366"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-8959"
    },
    {
      "cve": "CVE-2026-8960",
      "product_status": {
        "known_affected": [
          "T054365",
          "T054364",
          "T054363",
          "T054362",
          "2951",
          "T002207",
          "67646",
          "T017865",
          "T027843",
          "T004914",
          "T032255",
          "T054366"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-8960"
    },
    {
      "cve": "CVE-2026-8961",
      "product_status": {
        "known_affected": [
          "T054365",
          "T054364",
          "T054363",
          "T054362",
          "2951",
          "T002207",
          "67646",
          "T017865",
          "T027843",
          "T004914",
          "T032255",
          "T054366"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-8961"
    },
    {
      "cve": "CVE-2026-8962",
      "product_status": {
        "known_affected": [
          "T054365",
          "T054364",
          "T054363",
          "T054362",
          "2951",
          "T002207",
          "67646",
          "T017865",
          "T027843",
          "T004914",
          "T032255",
          "T054366"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-8962"
    },
    {
      "cve": "CVE-2026-8963",
      "product_status": {
        "known_affected": [
          "T054365",
          "T054364",
          "T054363",
          "T054362",
          "2951",
          "T002207",
          "67646",
          "T017865",
          "T027843",
          "T004914",
          "T032255",
          "T054366"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-8963"
    },
    {
      "cve": "CVE-2026-8964",
      "product_status": {
        "known_affected": [
          "T054365",
          "T054364",
          "T054363",
          "T054362",
          "2951",
          "T002207",
          "67646",
          "T017865",
          "T027843",
          "T004914",
          "T032255",
          "T054366"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-8964"
    },
    {
      "cve": "CVE-2026-8965",
      "product_status": {
        "known_affected": [
          "T054365",
          "T054364",
          "T054363",
          "T054362",
          "2951",
          "T002207",
          "67646",
          "T017865",
          "T027843",
          "T004914",
          "T032255",
          "T054366"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-8965"
    },
    {
      "cve": "CVE-2026-8966",
      "product_status": {
        "known_affected": [
          "T054365",
          "T054364",
          "T054363",
          "T054362",
          "2951",
          "T002207",
          "67646",
          "T017865",
          "T027843",
          "T004914",
          "T032255",
          "T054366"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-8966"
    },
    {
      "cve": "CVE-2026-8967",
      "product_status": {
        "known_affected": [
          "T054365",
          "T054364",
          "T054363",
          "T054362",
          "2951",
          "T002207",
          "67646",
          "T017865",
          "T027843",
          "T004914",
          "T032255",
          "T054366"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-8967"
    },
    {
      "cve": "CVE-2026-8968",
      "product_status": {
        "known_affected": [
          "T054365",
          "T054364",
          "T054363",
          "T054362",
          "2951",
          "T002207",
          "67646",
          "T017865",
          "T027843",
          "T004914",
          "T032255",
          "T054366"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-8968"
    },
    {
      "cve": "CVE-2026-8969",
      "product_status": {
        "known_affected": [
          "T054365",
          "T054364",
          "T054363",
          "T054362",
          "2951",
          "T002207",
          "67646",
          "T017865",
          "T027843",
          "T004914",
          "T032255",
          "T054366"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-8969"
    },
    {
      "cve": "CVE-2026-8970",
      "product_status": {
        "known_affected": [
          "T054365",
          "T054364",
          "T054363",
          "T054362",
          "2951",
          "T002207",
          "67646",
          "T017865",
          "T027843",
          "T004914",
          "T032255",
          "T054366"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-8970"
    },
    {
      "cve": "CVE-2026-8971",
      "product_status": {
        "known_affected": [
          "T054365",
          "T054364",
          "T054363",
          "T054362",
          "2951",
          "T002207",
          "67646",
          "T017865",
          "T027843",
          "T004914",
          "T032255",
          "T054366"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-8971"
    },
    {
      "cve": "CVE-2026-8972",
      "product_status": {
        "known_affected": [
          "T054365",
          "T054364",
          "T054363",
          "T054362",
          "2951",
          "T002207",
          "67646",
          "T017865",
          "T027843",
          "T004914",
          "T032255",
          "T054366"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-8972"
    },
    {
      "cve": "CVE-2026-8973",
      "product_status": {
        "known_affected": [
          "T054365",
          "T054364",
          "T054363",
          "T054362",
          "2951",
          "T002207",
          "67646",
          "T017865",
          "T027843",
          "T004914",
          "T032255",
          "T054366"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-8973"
    },
    {
      "cve": "CVE-2026-8974",
      "product_status": {
        "known_affected": [
          "T054365",
          "T054364",
          "T054363",
          "T054362",
          "2951",
          "T002207",
          "67646",
          "T017865",
          "T027843",
          "T004914",
          "T032255",
          "T054366"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-8974"
    },
    {
      "cve": "CVE-2026-8975",
      "product_status": {
        "known_affected": [
          "T054365",
          "T054364",
          "T054363",
          "T054362",
          "2951",
          "T002207",
          "67646",
          "T017865",
          "T027843",
          "T004914",
          "T032255",
          "T054366"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-8975"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-8401 (GCVE-0-2026-8401)

WID-SEC-W-2026-1503

WID-SEC-W-2026-1606

Tags

Sightings

Nomenclature