CVE-2026-8388: Incorrect boundary conditions in the JavaScript Engine: JIT component
Published May 12, 2026
·Updated
Incorrect boundary conditions in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11.
Affected Software
6 affected componentsFixes available
Mozilla Firefox<150.0.3
Mozilla Firefox<150.0.3
150.0.3
Mozilla Firefox ESR<115.36
115.36
Mozilla Firefox ESR<140.11
140.11
Mozilla Firefox<150.0.3
Mozilla Thunderbird<140.11
140.11
Event History
May 12, 2026
CVE Published
via Mozilla·12:00 AM
Data Sourced
via Mozilla·12:00 AM
DescriptionSeverityAffected Software
CVE Published
via MITRE·12:36 PM
Data Sourced
via MITRE·12:36 PM
Description
Data Sourced
via NVD·02:17 PM
DescriptionSeverityWeaknessAffected Software
May 19, 2026
Updated
via Mozilla·12:00 AM
Affected Software
Frequently Asked Questions
1
What is the severity of CVE-2026-8388?
CVE-2026-8388 has been classified as a moderate severity vulnerability due to incorrect boundary conditions in the JavaScript Engine's JIT component.
2
How do I fix CVE-2026-8388?
To fix CVE-2026-8388, update your Mozilla Firefox to version 150.0.3 or later.
3
What are the potential impacts of CVE-2026-8388?
CVE-2026-8388 could potentially allow for arbitrary code execution under certain conditions due to the boundary issues in the JavaScript Engine.
4
Is CVE-2026-8388 present in earlier versions of Firefox?
Yes, CVE-2026-8388 affects versions of Mozilla Firefox prior to 150.0.3.
5
Has CVE-2026-8388 been addressed in Mozilla Firefox?
Yes, CVE-2026-8388 was fixed in the release of Mozilla Firefox version 150.0.3.