- 118/2026
- Critical
Mozilla has released an updated Firefox version 150.0.2, Firefox ESR versions 115.35.2 and 140.10.2 to fix multiple vulnerabilities.
The addressed vulnerabilities could allow the remote attacker to perform denial-of- service attacks, execute arbitrary code, and gain access to the affected systems.
Sample of the addressed vulnerabilities:
1. Mozilla Firefox Incorrect Boundary Conditions in The Audio/Video: Playback Component (CVE-2026-8091):
- CVSS: 9.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Denial-of-Service
2. Mozilla Firefox Use-after-free in the DOM: Networking Component (CVE- 2026-8090):
- CVSS: 7.3
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
Vulnerabilities
- CVE-2026-8090
- CVE-2026-8091
- CVE-2026-8092
- CVE-2026-8093
- CVE-2026-8094
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.