QSearchQSearch

CVE-2026-8956

9.8 CRITICAL

Integer overflow in the Networking: JAR component

Published: 2026-05-19 · Last updated: 2026-05-20

Severity and scoring

CVSS
9.8 CRITICAL
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
CWE-190

Affected products

VendorProduct
mozillafirefox, thunderbird

Description

Integer overflow in the Networking: JAR component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2026-10702 JIT miscompilation in the JavaScript Engine: JIT component (4.3 MEDIUM)
  • CVE-2026-10701 Incorrect boundary conditions in the Graphics: Text component (7.5 HIGH)
  • CVE-2026-9309 Firefox for iOS Reader View did not properly escape HTML tags in JSON-LD metadata (5.4 MEDIUM)
  • CVE-2026-9308 Firefox for iOS Reader View replaced page content in its HTML template before replacing other internal placeholders (5.4 MEDIUM)
  • CVE-2026-9078 Firefox for iOS displayed specially crafted right-to-left (RTL) and internationalized domain names (IDNs) incorrectly in link preview UI ... (5.4 MEDIUM)

Same CWE

  • CVE-2026-11774 An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server (389-ds-base) (7.6 HIGH)
  • CVE-2025-66280 An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions
  • CVE-2026-34711 CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability (7.5 HIGH)
  • CVE-2026-47925 Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could... (5.5 MEDIUM)
  • CVE-2023-29146 The utility functions used by Malwarebytes EDR 1.0.11 on Linux for calculating a cryptographic hash of data bytes truncate the hashed dat... (8.2 HIGH)