9.8
CVE-2026-8094
- EPSS 0.45%
- Veröffentlicht 07.05.2026 12:45:08
- Zuletzt bearbeitet 30.06.2026 03:21:41
- Quelle security@mozilla.org
- CVE-Watchlists
- Unerledigt
Other issue in the WebRTC component
Other issue in the WebRTC component. This vulnerability was fixed in Firefox ESR 140.10.2 and Thunderbird 140.10.2.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mozilla ≫ Thunderbird Version < 140.10.2
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.45% | 0.356 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | 7.5 | 1.6 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
https://www.mozilla.org/security/advisories/mfsa2026-41/
https://bugzilla.mozilla.org/show_bug.cgi?id=2035939
https://www.mozilla.org/security/advisories/mfsa2026-44/
https://access.redhat.com/errata/RHSA-2026:19160
https://access.redhat.com/errata/RHSA-2026:20566
https://access.redhat.com/errata/RHSA-2026:20574
https://access.redhat.com/errata/RHSA-2026:24508
https://access.redhat.com/errata/RHSA-2026:24509
https://access.redhat.com/errata/RHSA-2026:24510
https://access.redhat.com/errata/RHSA-2026:24511
https://access.redhat.com/errata/RHSA-2026:24516
https://access.redhat.com/errata/RHSA-2026:24755
https://access.redhat.com/errata/RHSA-2026:24983
https://access.redhat.com/errata/RHSA-2026:25015
https://access.redhat.com/security/cve/CVE-2026-8094
https://bugzilla.redhat.com/show_bug.cgi?id=2467706
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-8094.json