Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                            CERT-Renater

                Note d'Information No. 2026/VULN476
_____________________________________________________________________

DATE                : 11/05/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Firefox versions prior to
                       150.0.2, ESR 140.10.2, ESR 115.35.2.

=====================================================================
https://www.mozilla.org/en-US/security/advisories/mfsa2026-40/
https://www.mozilla.org/en-US/security/advisories/mfsa2026-41/
https://www.mozilla.org/en-US/security/advisories/mfsa2026-42/
_____________________________________________________________________


Mozilla Foundation Security Advisory 2026-40
Security Vulnerabilities fixed in Firefox 150.0.2

Announced
    May 7, 2026
Impact
    high
Products
    Firefox
Fixed in

        Firefox 150.0.2


#CVE-2026-8090: Use-after-free in the DOM: Networking component

Reporter
    Kevin Brosnan
Impact
    high

References

    Bug 2034352

#CVE-2026-8092: Memory safety bugs fixed in Firefox ESR 115.35.2,
Firefox ESR 140.10.2 and Firefox 150.0.2

Reporter
    Andrew McCreight, Christian Holler, Lee Salzman, Maurice
Dauer, Tom Schuster, Wayne Mery and the Mozilla Fuzzing Team

Impact
    high

Description

Memory safety bugs present in Firefox ESR 115.35.1, Firefox ESR
140.10.1 and Firefox 150.0.1. Some of these bugs showed evidence
of memory corruption and we presume that with enough effort some
of these could have been exploited to run arbitrary code.

References

    Memory safety bugs fixed in Firefox ESR 115.35.2, Firefox
ESR 140.10.2 and Firefox 150.0.2


#CVE-2026-8093: Memory safety bugs fixed in Firefox 150.0.2

Reporter
    Andy Leiserson, Jan de Mooij, Michael Froman and the
Mozilla Fuzzing Team

Impact
    high

Description

Memory safety bugs present in Firefox 150.0.1. Some of these
bugs showed evidence of memory corruption and we presume
that with enough effort some of these could have been
exploited to run arbitrary code.

References

    Memory safety bugs fixed in Firefox 150.0.2


_____________________________________________________________________


Mozilla Foundation Security Advisory 2026-41
Security Vulnerabilities fixed in Firefox ESR 140.10.2

Announced
    May 7, 2026
Impact
    high
Products
    Firefox ESR
Fixed in

        Firefox ESR 140.10.2

#CVE-2026-8090: Use-after-free in the DOM: Networking component

Reporter
    Kevin Brosnan
Impact
    high

References

    Bug 2034352

#CVE-2026-8094: Other issue in the WebRTC component

Reporter
    Michael Froman
Impact
    high

References

    Bug 2035939


#CVE-2026-8092: Memory safety bugs fixed in Firefox ESR 115.35.2,
Firefox ESR 140.10.2 and Firefox 150.0.2

Reporter
    Andrew McCreight, Christian Holler, Lee Salzman, Maurice Dauer,
Tom Schuster, Wayne Mery and the Mozilla Fuzzing Team

Impact
    high

Description

Memory safety bugs present in Firefox ESR 115.35.1, Firefox ESR 140.10.1
and Firefox 150.0.1. Some of these bugs showed evidence of memory
corruption and we presume that with enough effort some of these could
have been exploited to run arbitrary code.

References

    Memory safety bugs fixed in Firefox ESR 115.35.2, Firefox
ESR 140.10.2 and Firefox 150.0.2

_____________________________________________________________________


Mozilla Foundation Security Advisory 2026-42
Security Vulnerabilities fixed in Firefox ESR 115.35.2

Announced
    May 7, 2026
Impact
    high
Products
    Firefox ESR
Fixed in

        Firefox ESR 115.35.2


#CVE-2026-8090: Use-after-free in the DOM: Networking component

Reporter
    Kevin Brosnan
Impact
    high

References

    Bug 2034352


#CVE-2026-8091: Incorrect boundary conditions in the Audio/Video:
Playback component

Reporter
    The Mozilla Fuzzing Team
Impact
    high

References

    Bug 2029301

#CVE-2026-8092: Memory safety bugs fixed in Firefox ESR 115.35.2,
Firefox ESR 140.10.2 and Firefox 150.0.2

Reporter
    Andrew McCreight, Christian Holler, Lee Salzman, Maurice Dauer,
Tom Schuster, Wayne Mery and the Mozilla Fuzzing Team

Impact
    high

Description

Memory safety bugs present in Firefox ESR 115.35.1, Firefox
ESR 140.10.1 and Firefox 150.0.1. Some of these bugs showed
evidence of memory corruption and we presume that with enough
effort some of these could have been exploited to run
arbitrary code.

References

    Memory safety bugs fixed in Firefox ESR 115.35.2,
Firefox ESR 140.10.2 and Firefox 150.0.2


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================