EUVD-2026-28361
GHSA-4345-ccpc-8955
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
4DescriptionNVD
Use-after-free in the DOM: Networking component. This vulnerability was fixed in Firefox 150.0.2, Firefox ESR 140.10.2, and Firefox ESR 115.35.2.
AnalysisAI
Use-after-free memory corruption in Firefox's DOM Networking component enables remote attackers to achieve unauthorized information disclosure, data manipulation, and service disruption without authentication or user interaction. Affects Firefox mainline and both Extended Support Release (ESR) branches. …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: Identify all Firefox installations across the organization and document current versions. Within 7 days: Deploy Firefox 150.0.2 (mainline), Firefox ESR 140.10.2, or Firefox ESR 115.35.2 to all affected systems via your patch management system; prioritize endpoints with network-facing roles. …
Sign in for detailed remediation steps.
More from same product – last 7 days
SQL injection in Pimcore's CustomReportsBundle (versions ≤ 12.3.5) lets an authenticated user holding the reports_config
Command injection in the shell-quote npm package allows attackers who can influence object-token inputs to inject arbitr
Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers
Vendor StatusVendor
Share
External POC / Exploit Code
Leaving vuln.today