CVE Catalog

CVE-2026-8948

CriticalCVSS 9.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.42%

34th percentile — higher than 34% of all known CVEs

Summary

A vulnerability in the DOM: Networking component allows bypassing the same-origin policy. This flaw was fixed in Firefox 151 and Thunderbird 151.

Risk Assessment

An attacker could exploit this vulnerability to steal data or perform unauthorized actions in the context of another domain, posing a serious risk to data confidentiality and integrity.

Recommendation

Immediately update Firefox and Thunderbird to version 151 or later to remediate the vulnerability.

Original NVD description (English source)

Same-origin policy bypass in the DOM: Networking component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS