CVE-2026-8949

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 151 Firefox ESR versions prior to 140.11 Thunderbird versions prior to 151 Thunderbird versions prior to 140.11

Description An integer overflow exists in the Widget: Win32 component. An integer overflow occurs when an arithmetic operation attempts to create a numeric value that is outside of the range that can be represented with a given number of bits.

Recommendations Update to version 151 Update to version 140.11 Update to version 151 Update to version 140.11

Fix

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

CVE-2026-8949

OESA-2026-2392

OESA-2026-2393

OESA-2026-2394

OPENSUSE-SU-2026:10813-1

OPENSUSE-SU-2026:10863-1

OPENSUSE-SU-2026:10864-1

Affected Products

Firefox

Thunderbird

CVE-2026-8949

Weakness Enumeration

Related Identifiers

Affected Products

References · 77