Use-After-Free Vulnerability in Firefox Network Component
CVE-2026-8090

7.3HIGH

Key Information:

Vendor: Mozilla
Status: Firefox
Vendor: CVE Published:; 7 May 2026

What is CVE-2026-8090?

A use-after-free vulnerability has been identified in the DOM networking component of Firefox, which could allow an attacker to exploit this flaw for unauthorized actions. This flaw was addressed in the recent updates of Firefox versions 150.0.2, and in the Extended Support Release (ESR) versions 140.10.2 and 115.35.2. Users are encouraged to update their Firefox installations promptly to mitigate any potential risks associated with this vulnerability.

Affected Version(s)

Firefox 115.35.2

Firefox 140.10.2

Firefox 150.0.2

References

https://bugzilla.mozilla.org/show_bug.cgi?id=2034352

https://www.mozilla.org/security/advisories/mfsa2026-40/

https://www.mozilla.org/security/advisories/mfsa2026-41/

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 7, 2026
Vulnerability Reserved
May 7, 2026

Credit

Kevin Brosnan

CVE-2026-8090 Data

JSON