PatchSiren cyber security CVE debrief
CVE-2026-8389 Mozilla CVE debrief
CVE-2026-8389 is a HIGH severity vulnerability in Mozilla Firefox, with a CVSS score of 8.8. The vulnerability is caused by a JIT miscompilation in the JavaScript Engine. This issue was fixed in Firefox 150.0.3. The vulnerability was published on [cvePublishedAt](https://www.cve.org/CVERecord?id=CVE-2026-8389) and last modified on [cveModifiedAt](https://nvd.nist.gov/vuln/detail/CVE-2026-8389).
- Vendor
- Mozilla
- Product
- Firefox
- CVSS
- HIGH 8.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-05-12
- Original CVE updated
- 2026-06-05
- Advisory published
- 2026-05-12
- Advisory updated
- 2026-06-05
Who should care
Users of Mozilla Firefox, particularly those who use the browser for sensitive activities, should be aware of this vulnerability and ensure they are running Firefox 150.0.3 or later.
Technical summary
The vulnerability is caused by a JIT miscompilation in the JavaScript Engine. This issue was fixed in Firefox 150.0.3. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.
Defensive priority
HIGH
Recommended defensive actions
- Update to Firefox 150.0.3 or later
Evidence notes
The vulnerability was published on [cvePublishedAt](resourceLinkAnnotations:cve-org) and last modified on [cveModifiedAt](resourceLinkAnnotations:nvd).
Official resources
-
CVE-2026-8389 CVE record
CVE.org
-
CVE-2026-8389 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
[email protected] - Permissions Required
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
-
Source reference
134c704f-9b21-4f2e-91b3-4a467353bcc0
Mozilla Firefox users should update to version 150.0.3 or later to mitigate this vulnerability. Additional information can be found at [ref-5](resourceLinkAnnotations:ref-5).