Critical Vulnerability Information Title: Firefox Browser Crash When Excessive Service Worker is Created Status: Closed Status Change: RESOLVED FIXED Priority: P2 Severity: S3 CVE: CVE-2026-0889 Affected Products and Versions Product: Core Component: DOM: Service Workers Version: Firefox 144 Vulnerability Description Vulnerability Type: Service Worker Crash Trigger Cause: Accessing a page that registers a large number of randomly scoped Service Workers, causing Firefox to crash. Crash Cause: Excessively large input string leading to an assertion failure. Affected Operating Systems Confirmed Version: Firefox 144 on Windows 10 x64 Other Platforms: Firefox 144 on Linux also crashes Vulnerability Details and Attachments Includes a Python script simulating malicious Service Worker registration. Provides crash report with stack trace at the time of crash. Includes an image of assembly instructions causing a segmentation fault on Linux. Updates include debugging information, with details on relevant code lines involving nsTStringLengthStorage. Fix and Impact Fixed in Firefox Branch: 147-Branch Related Bugs: Other bugs with related CWE type (CWE-467 Integer Overflow or Wraparound). Status and Tracking Status Change: FIXED CVE: Confirmed by team; CVE has been assigned and verified as CVE-2026-0889. Fix Date: 1 month ago