CVE Catalog

CVE-2026-8950

Critical
Published: Translated: NVD NIST

Summary

A vulnerability allowing same-origin policy bypass in the Networking: HTTP component. It was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

Risk Assessment

Bypassing the same-origin policy may lead to unauthorized access to user data, posing a significant security risk to web applications.

Recommendation

It is recommended to update to the latest versions of Firefox and Thunderbird to mitigate this vulnerability.

Original NVD description (English source)

Same-origin policy bypass in the Networking: HTTP component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS