Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

CVE-2026-8956: Firefox Integer Overflow in Networking: JAR

CVE-2026-8956

Summary

A vulnerability in the Firefox Networking: JAR component can cause the browser to crash or behave unexpectedly. This issue affects Firefox versions prior to 151 and Firefox ESR versions prior to 140.11. To resolve the issue, update to the latest version of Firefox.

Original title

Integer overflow in the Networking: JAR component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

Original description

Integer overflow in the Networking: JAR component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

Vulnerability type

CWE-190 Integer Overflow

https://bugzilla.mozilla.org/show_bug.cgi?id=2032427
https://www.mozilla.org/security/advisories/mfsa2026-46/
https://www.mozilla.org/security/advisories/mfsa2026-48/
https://www.mozilla.org/security/advisories/mfsa2026-50/
https://www.mozilla.org/security/advisories/mfsa2026-51/

Published: 19 May 2026 · Updated: 28 May 2026 · First seen: 19 May 2026