What is the CVSS score of EUVD-2026-30926?

EUVD-2026-30926 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of Mozilla Firefox are affected by EUVD-2026-30926?

Mozilla Firefox (versions 150, ESR 115.35, and ESR 140.10) contains a critical memory corruption vulnerability enabling arbitrary code execution when users visit malicious websites.. A patch is available.

Mozilla Firefox EUVD-2026-30926

| CVE-2026-8975 HIGH

Buffer Overflow (CWE-119)

2026-05-19 mozilla

GHSA-v6hv-5rrm-2f28

RCE Buffer Overflow Mozilla

8.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

May 20, 2026 - 17:28 vuln.today

Severity Changed

May 20, 2026 - 17:22 NVD

CRITICAL HIGH

CVSS changed

May 20, 2026 - 17:22 NVD

9.8 (CRITICAL) 8.8 (HIGH)

CVE Published

May 19, 2026 - 12:30 nvd

UNKNOWN (no severity yet)

DescriptionNVD

Memory safety bugs present in Firefox ESR 115.35, Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, and Firefox ESR 140.11.

AnalysisAI

Memory corruption in Mozilla Firefox 150 and Firefox ESR (115.35, 140.10) allows remote attackers to potentially execute arbitrary code when a user visits a crafted web page. The flaws stem from memory safety bugs reported by Mozilla developers, some showing evidence of exploitable memory corruption. …

RemediationAI

Within 24 hours: Inventory all Firefox installations organization-wide; disable JavaScript execution or restrict untrusted website access; communicate advisory to all users. Within 7 days: Deploy endpoint detection and response (EDR) monitoring for anomalous process execution; evaluate alternative browsers (Chrome, Edge) for critical business activities. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-44739 HIGH This Week

8.7 May 27

SQL injection in Pimcore's CustomReportsBundle (versions ≤ 12.3.5) lets an authenticated user holding the reports_config

Vendor StatusVendor

EUVD-2026-30926 vulnerability details – vuln.today

Back

Mozilla Firefox EUVD-2026-30926

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

More from same product – last 7 days

Vendor StatusVendor

Share

External POC / Exploit Code