Integer Overflow Vulnerability in Win32 Component of Firefox
CVE-2026-8949

7.5 HIGH

Key Information:

Vendor

Mozilla

CVE Published:
19 May 2026

What is CVE-2026-8949?

An integer overflow vulnerability affects the Win32 component of Firefox, potentially allowing attackers to exploit the flaw under specific conditions. The issue is fixed in Firefox version 151 and Firefox ESR version 140.11; users should update their browsers to mitigate the risk. For more in-depth information, refer to the advisories from Mozilla.

Affected Version(s)

Firefox 140.11

Firefox 151

Thunderbird 140.11

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

q1