CVE-2026-8947
Use-after-free in the DOM: Bindings (WebIDL) component
CVSS Score
7.3
EPSS Score
0.0%
EPSS Percentile
0th
Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
| Vendor | mozilla |
| Product | firefox |
| Ecosystems | |
| Industries | Technology |
| Published | May 19, 2026 |
| Last Updated | Jun 30, 2026 |
Stay Ahead of the Next One
Get instant alerts for mozilla firefox
Be the first to know when new high vulnerabilities affecting mozilla firefox are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Mozilla / Firefox
All versions affected Mozilla / Thunderbird
All versions affected References
bugzilla.mozilla.org: https://bugzilla.mozilla.org/show_bug.cgi?id=2038439 mozilla.org: https://www.mozilla.org/security/advisories/mfsa2026-46/ mozilla.org: https://www.mozilla.org/security/advisories/mfsa2026-47/ mozilla.org: https://www.mozilla.org/security/advisories/mfsa2026-48/ mozilla.org: https://www.mozilla.org/security/advisories/mfsa2026-50/ mozilla.org: https://www.mozilla.org/security/advisories/mfsa2026-51/ access.redhat.com: https://access.redhat.com/security/cve/CVE-2026-8947 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2479873 security.access.redhat.com: https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-8947.json access.redhat.com: https://access.redhat.com/errata/RHSA-2026:26551 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:27715 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:26539 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:21380 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:22325 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:21382 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:22643 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:26629 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:26270 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:26606 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:26536 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:26630 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:26268 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:26491 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:26269 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:26493 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:26174 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:26492 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:26521 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:21378 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:21381
Credits
Satoki Tsuji