Use-After-Free Vulnerability in Mozilla Firefox WebAssembly Component
CVE-2026-8390

Currently unrated

Key Information:

Vendor: Mozilla
Status: Firefox
Vendor: CVE Published:; 12 May 2026

What is CVE-2026-8390?

A use-after-free vulnerability was identified in the WebAssembly component of Mozilla Firefox, potentially allowing attackers to execute arbitrary code or crash the browser. This issue was specifically observed in the handling of memory resources, leading to security risks for users on affected versions. The vulnerability has been addressed in version 150.0.3 of Firefox, emphasizing the importance of keeping browsers updated to mitigate potential threats.

Affected Version(s)

Firefox 150.0.3

References

https://bugzilla.mozilla.org/show_bug.cgi?id=2038081

https://www.mozilla.org/security/advisories/mfsa2026-45/

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2026
Vulnerability Reserved
May 12, 2026

Credit

Bill Demirkapi

CVE-2026-8390 Data

JSON