CVE-2026-8093

High

Published: 07 May 2026

Published

07 May 2026

Modified

07 May 2026

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score 0.0001 3.2th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Description

Memory safety bugs present in Firefox 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox…

150.0.2.

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

SA-11 Developer Testing and Evaluation

addresses: CWE-119

Ongoing control assessments and code testing (static/dynamic analysis, fuzzing) surface memory buffer restriction failures, which are then remediated before release.

SC-27 Platform-independent Applications

addresses: CWE-119

Managed runtimes used by platform-independent applications (e.g., JVM, CLR) enforce memory safety, preventing most buffer overflows that require direct memory manipulation.

SI-16 Memory Protection

addresses: CWE-119

Memory protections (e.g., W^X, ASLR) make exploitation of buffer-boundary violations far harder to turn into code execution.

SI-4 System Monitoring

addresses: CWE-119

Detects exploitation attempts that produce memory corruption, crashes, or anomalous behavior.

Security SummaryAI

Automated synthesis unavailable for this CVE.

Details

CWE(s): CWE-119

References

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1981270%2C2027154%2C2028332%2C2029327%2C2029428%2C2029894%2C2032189%2C2034837%2C2035968%2C2036256
security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2026-40/
security@mozilla.org