Security Advisory

Mozilla Product Security Update Advisory

  • May 11 2026
Mozilla Product Security Update Advisory

Mozilla has released security updates to fix multiple vulnerabilities found in Firefox, Firefox ESR, and Thunderbird.

  • the vulnerabilities fixed are CVE-2026-8090, CVE-2026-8091, CVE-2026-8092, CVE-2026-8093, and CVE-2026-8094.
  • CVE-2026-8090 is a post-release use vulnerability in the DOM: Networking component.
  • CVE-2026-8091 is an improper boundary condition vulnerability in the Audio/Video: Playback component.
  • CVE-2026-8092 is a memory safety vulnerability in Thunderbird ESR and Thunderbird.
  • CVE-2026-8093 is a memory safety vulnerability in Firefox.
  • CVE-2026-8094 is a vulnerability in the WebRTC component.

the versions that need to be updated are as follows

  • Firefox 150.0.2 and earlier.
  • Firefox ESR 140.10.2 or earlier.
  • Firefox ESR 115.35.2 or earlier.
  • Thunderbird 150.0.2 or earlier.
  • Thunderbird 140.10.2 or earlier.
  • For CVE-2026-8091, Firefox less than 150, Thunderbird less than 150, Firefox ESR less than 140.10.1, and Thunderbird less than 140.10.1.

Mozilla advised users to follow the instructions on its reference site to update to the latest version of the Vulnerability Patch.

Tags:
Previous Post

Next Post