CVE-2026-0883
Information Disclosure in Firefox Networking Component Prior to
Publication date: 2026-01-13
Last updated on: 2026-04-13
Assigner: Mozilla Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mozilla | firefox | to 147 (exc) |
| mozilla | firefox_esr | to 140.7 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an information disclosure flaw in the Networking component of Firefox versions prior to 147 and Firefox ESR versions prior to 140.7. It allows attackers to gain access to information that should be protected, potentially exposing sensitive data.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized disclosure of information within the browser, which may expose sensitive user data or browsing information to attackers. This could compromise user privacy and security but does not directly allow code execution or system control.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update Firefox to version 147 or later, or Firefox ESR to version 140.7 or later, as these versions include fixes addressing this issue and other related security vulnerabilities. [1, 2]