CVE-2026-8092

• Mozilla Corporation/Firefox2 versions

  cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*+ 1 more

  • cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*range: <115.35.2
  • cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*range: >=150.0,<150.0.2
• Mozilla Corporation/Thunderbird

  cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*

  Range: >=140.0,<140.10.2

No patches discovered yet.

AI mechanics synthesis has not run for this CVE yet.

• www.mozilla.org/security/advisories/mfsa2026-40/nvdVendor Advisory
• www.mozilla.org/security/advisories/mfsa2026-41/nvdVendor Advisory
• www.mozilla.org/security/advisories/mfsa2026-42/nvdVendor Advisory
• www.mozilla.org/security/advisories/mfsa2026-43/nvdVendor Advisory
• www.mozilla.org/security/advisories/mfsa2026-44/nvdVendor Advisory
• bugzilla.mozilla.org/buglist.cginvdBroken Link

• Popular node-ipc npm package compromised to steal credentials
  BleepingComputer · May 15, 2026
• Chrome 148 Update Patches Critical Vulnerabilities
  SecurityWeek · May 15, 2026
• Windows 11 and Microsoft Edge hacked at Pwn2Own Berlin 2026
  BleepingComputer · May 14, 2026
• Mythos Proves Potent in Vulnerability Discovery, Less Convincing Elsewhere
  SecurityWeek · May 14, 2026
• How Dangerous Is Anthropic’s Mythos AI?
  Schneier on Security · May 14, 2026
• Welcome to the vulnpocalypse, as vendors use AI to find bugs and patches multiply like rabbits
  The Register Security · May 13, 2026
• 73 Seconds to Breach, 24 Hours to Patch: The Case for Autonomous Validation
  BleepingComputer · May 13, 2026
• Patch Tuesday, May 2026 Edition
  Krebs on Security · May 12, 2026
• Microsoft May 2026 Patch Tuesday fixes 120 flaws, no zero-days
  BleepingComputer · May 12, 2026
• Claude Mythos Finds Only One Curl Vulnerability; Experts Divided on What It Really Means
  SecurityWeek · May 12, 2026
• ⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More
  The Hacker News · May 11, 2026
• Week in review: cPanel vulnerability actively exploited, DigiCert breach, LinkedIn job scams
  Help Net Security · May 10, 2026
• TCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook Worms
  The Hacker News · May 8, 2026
• Mozilla boasts Mythos boosted Firefox bug cull
  The Register Security · May 7, 2026
• ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New Stories
  The Hacker News · May 7, 2026
• Proton Mail brings quantum-safe email encryption to all accounts
  Help Net Security · May 6, 2026
• Cleartext Passwords in MS Edge&#x3f; In 2026&#x3f;, (Mon, May 4th)
  SANS Internet Storm Center · May 5, 2026
• Critical Bug Could Expose 300,000 Ollama Deployments to Information Theft
  SecurityWeek · May 5, 2026
• CloudZ RAT potentially steals OTP messages using Pheno plugin
  Cisco Talos Intelligence · May 5, 2026
• Cisco Moves to Acquire Astrix Security to Tackle Non-Human Identity Risks
  SecurityWeek · May 4, 2026
• Backdoored PyTorch Lightning package drops credential stealer
  BleepingComputer · May 4, 2026
• ⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More
  The Hacker News · May 4, 2026
• US Military Reaches Deals With 7 Tech Companies to Use Their AI on Classified Systems
  SecurityWeek · May 3, 2026
• Anthropic Unveils Claude Security to Counter AI-Powered Exploit Surge
  SecurityWeek · Apr 30, 2026
• Copy Fail (CVE-2026-31431): Frequently asked questions about Linux kernel privilege escalation vulnerability
  Tenable Blog · Apr 30, 2026
• New Python Backdoor Uses Tunneling Service to Steal Browser and Cloud Credentials
  The Hacker News · Apr 30, 2026
• Legacy TLS tour continues with Exchange Online blocking old versions from July 2026
  The Register Security · Apr 29, 2026
• Legacy TLS tour continues with Exchange Online blocking old versions from July 2026
  The Register Security · Apr 29, 2026
• Claude Mythos Has Found 271 Zero-Days in Firefox
  Schneier on Security · Apr 29, 2026
• Vidar Rises to Top of Chaotic Infostealer Market
  Dark Reading · Apr 28, 2026
• Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign
  The Hacker News · Apr 28, 2026
• VECT: Ransomware by design, Wiper by accident
  Check Point Research · Apr 28, 2026
• Widely Used Browser Extensions Selling User Data
  Infosecurity Magazine · Apr 27, 2026
• AI's not going to kill open source code security
  The Register Security · Apr 26, 2026
• Project Glasswing Proved AI Can Find the Bugs. Who's Going to Fix Them?
  The Hacker News · Apr 23, 2026
• Risky Business #834 -- Vercel gets owned, Mozilla dumps hundreds of Mythos bugs
  Risky Business · Apr 22, 2026
• DFIR Report – The Gentlemen & SystemBC: A Sneak Peek Behind the Proxy
  Check Point Research · Apr 20, 2026
• Metasploit Wrap-Up 04/17/2026
  Rapid7 Blog · Apr 17, 2026
• Shared Dictionaries: compression that keeps up with the agentic web
  Cloudflare Blog · Apr 17, 2026
• Attackers Actively Exploiting Critical Vulnerability in Ninja Forms – File Upload Plugin
  Wordfence Blog · Apr 16, 2026
• Securing the Software Supply Chain: How SentinelOne’s AI EDR Autonomously Blocked the CPU-Z Watering Hole Cyber Attack
  SentinelOne Labs · Apr 14, 2026
• New 'Storm' Infostealer Remotely Decrypts Stolen Credentials
  Infosecurity Magazine · Apr 2, 2026
• ZDI-26-252: Mozilla Firefox IonMonkey Switch Statement Optimization Type Confusion Remote Code Execution Vulnerability
  Zero Day Initiative · Apr 2, 2026
• New Venom Stealer MaaS Platform Automates Continuous Data Theft
  Infosecurity Magazine · Apr 1, 2026
• Microsoft Patch Tuesday, March 2026 Edition
  Krebs on Security · Mar 11, 2026
• Siemens Teamcenter
  CISA Alerts