Critical severity9.8NVD Advisory· Published May 7, 2026· Updated May 11, 2026

CVE-2026-8094

Description

Other issue in the WebRTC component. This vulnerability was fixed in Firefox ESR 140.10.2 and Thunderbird 140.10.2.

Affected products

Mozilla Corporation/Firefox
cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
Range: <140.10.2
Mozilla Corporation/Thunderbird
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
Range: <140.10.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.mozilla.org/security/advisories/mfsa2026-41/nvdVendor Advisory
www.mozilla.org/security/advisories/mfsa2026-44/nvdVendor Advisory
bugzilla.mozilla.org/show_bug.cginvdPermissions Required

News mentions

How Dangerous Is Anthropic’s Mythos AI?
Schneier on Security · May 14, 2026
Welcome to the vulnpocalypse, as vendors use AI to find bugs and patches multiply like rabbits
The Register Security · May 13, 2026
Patch Tuesday, May 2026 Edition
Krebs on Security · May 12, 2026
Mozilla boasts Mythos boosted Firefox bug cull
The Register Security · May 7, 2026
Cleartext Passwords in MS Edge? In 2026?, (Mon, May 4th)
SANS Internet Storm Center · May 5, 2026
CloudZ RAT potentially steals OTP messages using Pheno plugin
Cisco Talos Intelligence · May 5, 2026
Copy Fail (CVE-2026-31431): Frequently asked questions about Linux kernel privilege escalation vulnerability
Tenable Blog · Apr 30, 2026
Legacy TLS tour continues with Exchange Online blocking old versions from July 2026
The Register Security · Apr 29, 2026
Claude Mythos Has Found 271 Zero-Days in Firefox
Schneier on Security · Apr 29, 2026
VECT: Ransomware by design, Wiper by accident
Check Point Research · Apr 28, 2026
Risky Business #834 -- Vercel gets owned, Mozilla dumps hundreds of Mythos bugs
Risky Business · Apr 22, 2026
DFIR Report – The Gentlemen & SystemBC: A Sneak Peek Behind the Proxy
Check Point Research · Apr 20, 2026
Metasploit Wrap-Up 04/17/2026
Rapid7 Blog · Apr 17, 2026
Shared Dictionaries: compression that keeps up with the agentic web
Cloudflare Blog · Apr 17, 2026
Attackers Actively Exploiting Critical Vulnerability in Ninja Forms – File Upload Plugin
Wordfence Blog · Apr 16, 2026
Securing the Software Supply Chain: How SentinelOne’s AI EDR Autonomously Blocked the CPU-Z Watering Hole Cyber Attack
SentinelOne Labs · Apr 14, 2026
Microsoft Patch Tuesday, March 2026 Edition
Krebs on Security · Mar 11, 2026
Siemens Teamcenter
CISA Alerts

cvss	0.637
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000