CVE-2026-8953

CVSS v3.1

9.6

Critical

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 151 Firefox ESR versions prior to 115.36 Firefox ESR versions prior to 140.11 Thunderbird versions prior to 151 Thunderbird versions prior to 140.11

Description A use-after-free issue in the Disability Access APIs component allows for a sandbox escape. Use-after-free is a memory corruption flaw that occurs when an application continues to use a pointer after it has been freed.

Recommendations Update to version 151 Update to version 115.36 Update to version 140.11 Update to version 151 Update to version 140.11

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2026:21378

ALSA-2026:21380

ALSA-2026:21381

ALSA-2026:21382

CVE-2026-8953

OPENSUSE-SU-2026:10813-1

OPENSUSE-SU-2026:10863-1

OPENSUSE-SU-2026:10864-1

Affected Products

Firefox

Thunderbird

CVE-2026-8953

Weakness Enumeration

Related Identifiers

Affected Products

References · 108