VIR Vulnerability Intelligence Relay

CVE-2026-8388

medium
Published 2026-05-27 · Modified 2026-05-19
CVSS v3
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CVSS v2
VIR risk
6.5

Description

Incorrect boundary conditions in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11.

Predictions

Exploit likelihood
75%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2026-8388

vendor Authored 2026-05-27

Vendor advisory: security@mozilla.org — https://www.mozilla.org/security/advisories/mfsa2026-45/

vendor Authored 2026-05-27

Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2026:21381

OS impact
OSVersionStatusFixed in
redhat rhel9fixed
debian debiansidfixed150.0.3-1
debian debianbookwormfixed140.11.0esr-1~deb12u1
debian debianbullseyefixed140.11.0esr-1~deb11u1
debian debianforkyfixed140.11.0esr-1
debian debiantrixiefixed140.11.0esr-1~deb13u1

Application impact
VendorProductVersionsFixed
mozillafirefox{"endExcluding":"150.0.3"}150.0.3

References

CWEs

CWE-119

Verify integrity in audit chain (admin only). AS-IS.