Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution

Multiple critical memory-safety vulnerabilities in Mozilla Firefox and related components (CVE-2026-8090 — CVE-2026-8094) could enable arbitrary code execution via drive-by compromises. Patches were released in Firefox ESR 115.35.2, ESR 140.10.2 and Firefox 150.0.2; successful exploitation could allow attackers to install programs, access or modify data, or create accounts depending on user privileges.