PT-2026-41901 · Mozilla+1 · Thunderbird+2

Satoki Tsuji

·

Published

2026-05-19

·

Updated

2026-06-30

·

CVE-2026-8947

CVSS v3.1

7.5

High

VectorAV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 151 Firefox ESR versions prior to 115.36 Firefox ESR versions prior to 140.11 Thunderbird versions prior to 151 Thunderbird versions prior to 140.11
Description A use-after-free issue exists in the DOM: Bindings (WebIDL) component. Use-after-free is a memory corruption flaw that occurs when an application continues to use a pointer after it has been freed.
Recommendations Update Firefox to version 151. Update Firefox ESR to version 115.36. Update Firefox ESR to version 140.11. Update Thunderbird to version 151. Update Thunderbird to version 140.11.

Fix

DoS

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

ALSA-2026:21378
ALSA-2026:21380
ALSA-2026:21381
ALSA-2026:21382
ALSA-2026:22325
ALSA-2026:22643
BDU:2026-08156
CVE-2026-8947
OESA-2026-2392
OESA-2026-2393
OESA-2026-2394
OESA-2026-2465
OPENSUSE-SU-2026:10813-1
OPENSUSE-SU-2026:10863-1
OPENSUSE-SU-2026:10864-1
OPENSUSE-SU-2026:21168-1

Affected Products

Firefox
Rocky Linux
Thunderbird