CVE-2026-8948
EUVD-2026-30900
19.05.2026, 14:16
Same-origin policy bypass in the DOM: Networking component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| mozilla | firefox | 𝑥 < 151.0.0 |
| mozilla | thunderbird | 𝑥 < 151.0.0 |
𝑥 = Vulnerable software versions
Common Weakness Enumeration
- CWE-942 - Permissive Cross-domain Policy with Untrusted Domains: The software uses a cross-domain policy file that includes domains that should not be trusted.
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'): The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
References