Feed›Vulnerability›Multiple Vulnerabilities in Mozilla Products Could Allow for...

VulnerabilityCIS Advisories

9.8 — CRITICAL

Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution

📅 7 May 2026 at 16:18 UTC📰 CIS AdvisoriesView original source ↗

Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet.Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations.Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

🤖 AI BriefingAuto-generated threat analysis

🔍Threat Overview

Multiple vulnerabilities in Mozilla products, including Firefox and Thunderbird, could allow for arbitrary code execution, posing a significant risk to users with administrative privileges.

⚙️Technical Details

CVEs

CVE-2026-8090CVE-2026-8091CVE-2026-8092CVE-2026-8093CVE-2026-8094

Affected Systems

Firefox versions prior to 150.0.2Firefox ESR versions prior to 140.10.2Firefox ESR versions prior to 115.35.2Thunderbird versions prior to 150.0.2Thunderbird versions prior to 140.10.2

Attack Vectors

NETWORK

💥Impact Assessment

Severity: CRITICAL

🛡️Recommended Actions

1Apply appropriate updates provided by Mozilla to vulnerable systems immediately after testing.

2Establish and maintain a documented vulnerability management process for enterprise assets.

3Perform application updates on enterprise assets through automated patch management on a monthly, or more frequent, basis.

📦Affected Products

Mozilla FirefoxMozilla ThunderbirdThunderbird

🔐NVD Verified DataVERIFIED

CVE-2026-8090 ↗CVSS 7.3 — HIGH

Attack Vector

NETWORK

Complexity

LOW

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Weaknesses

CWE-416

Affected Products (CPE)

Mozilla FirefoxMozilla Thunderbird

Advisories

📋 https://www.mozilla.org/security/advisories/mfsa2026-40/📋 https://www.mozilla.org/security/advisories/mfsa2026-41/📋 https://www.mozilla.org/security/advisories/mfsa2026-42/

CVE-2026-8091 ↗CVSS 9.8 — CRITICAL

Attack Vector

NETWORK

Complexity

LOW

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses

CWE-754

CVE-2026-8092 ↗CVSS 8.1 — HIGH

Attack Vector

NETWORK

Complexity

HIGH

Vector String

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses

CWE-416CWE-787CWE-125

CVE-2026-8093 ↗CVSS 8.1 — HIGH

Attack Vector

NETWORK

Complexity

HIGH

Vector String

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses

CWE-119

CVE-2026-8094 ↗CVSS 9.8 — CRITICAL

Attack Vector

NETWORK

Complexity

LOW

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses

CWE-94

Read the full article

This is a curated summary. The complete article is available at CIS Advisories.

Read on CIS Advisories ↗

← Back to feed