What is the CVSS score of CVE-2026-8974?

CVE-2026-8974 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Mozilla Firefox are affected by CVE-2026-8974?

Memory corruption in Mozilla Firefox 150 and ESR 140.10 enables attackers to gain full control of end-user computers when employees visit malicious websites.. A patch is available.

Mozilla Firefox CVE-2026-8974

EUVD-2026-30922 HIGH

Buffer Overflow (CWE-119)

2026-05-19 mozilla

GHSA-c792-chx5-8443

RCE Buffer Overflow Mozilla

8.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

May 20, 2026 - 17:27 vuln.today

Severity Changed

May 20, 2026 - 17:22 NVD

CRITICAL HIGH

CVSS changed

May 20, 2026 - 17:22 NVD

9.8 (CRITICAL) 8.8 (HIGH)

CVE Published

May 19, 2026 - 12:30 nvd

UNKNOWN (no severity yet)

DescriptionNVD

Memory safety bugs present in Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 151 and Firefox ESR 140.11.

AnalysisAI

Memory corruption in Mozilla Firefox 150 and Firefox ESR 140.10 allows remote attackers to potentially execute arbitrary code when a victim visits a crafted web page. The flaw stems from multiple memory safety bugs reported by Mozilla developers, with some showing evidence of exploitable memory corruption; no public exploit identified at time of analysis and EPSS exploitation probability is low (0.05%, 14th percentile). …

RemediationAI

Within 24 hours: Issue urgent security advisory and notify IT/helpdesk of mandatory Firefox update requirement; audit current Firefox deployment. Within 7 days: Deploy Firefox 151 (or Firefox ESR 140.11 for ESR users) to all endpoints via patch management; verify completion through compliance scanning. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-44739 HIGH This Week

8.7 May 27

SQL injection in Pimcore's CustomReportsBundle (versions ≤ 12.3.5) lets an authenticated user holding the reports_config

Vendor StatusVendor

CVE-2026-8974 vulnerability details – vuln.today

Back

Mozilla Firefox CVE-2026-8974

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

More from same product – last 7 days

Vendor StatusVendor

Share

External POC / Exploit Code