CVE-2026-0877
Mitigation Bypass in Firefox DOM Security Component
Publication date: 2026-01-13
Last updated on: 2026-04-13
Assigner: Mozilla Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mozilla | firefox | to 147 (exc) |
| mozilla | firefox_esr | to 115.32 (exc) |
| mozilla | firefox_esr | to 140.7 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-693 | The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-0877 is a high-impact security vulnerability in Firefox browsers involving a mitigation bypass in the Document Object Model (DOM) security component. This flaw allows attackers to circumvent existing security measures within the DOM, potentially enabling unauthorized actions or code execution within the browser environment. [1, 2, 3]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to bypass security mitigations in the DOM, which may lead to unauthorized actions or exploitation such as executing malicious code within your browser. This can compromise your browser's security and potentially expose sensitive information or allow further attacks. [1, 2, 3]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should update your Firefox browser to version 147 or later, or if you are using Firefox ESR, update to ESR 115.32 or later, or ESR 140.7 or later. These versions include fixes that address the mitigation bypass in the DOM security component. [1, 2, 3]