CVE-2026-8094
WebRTC Memory Corruption in Firefox ESR
Publication date: 2026-05-07
Last updated on: 2026-05-11
Assigner: Mozilla Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mozilla | firefox | to 140.10.2 (exc) |
| mozilla | thunderbird | to 140.10.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an unspecified issue in the WebRTC component of Mozilla Firefox ESR. It was addressed and fixed in Firefox ESR version 140.10.2.
How can this vulnerability impact me? :
The specific impacts of this vulnerability are not detailed in the provided information. However, since it involves the WebRTC component, it could potentially affect real-time communication features in Firefox ESR.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
There is no information available regarding the impact of this vulnerability on compliance with standards such as GDPR or HIPAA.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update Firefox ESR to version 140.10.2 or later where the issue in the WebRTC component has been fixed.