CVE-2026-3846

Received Received - Intake

Same-Origin Policy Bypass in Firefox CSS Parsing

Publication date: 2026-03-10

Last updated on: 2026-04-13

Assigner: Mozilla Corporation

Description

Same-origin policy bypass in the CSS Parsing and Computation component. This vulnerability was fixed in Firefox 148.0.2.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-03-10

Last Modified

2026-04-13

Generated

2026-06-16

AI Q&A

2026-03-10

EPSS Evaluated

2026-06-15

NVD

CVE-2026-3846

EUVD

EUVD-2026-10504

Affected Vendors & Products

Vendor	Product	Version / Range
mozilla	firefox	to 148.0.2 (exc)

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-346	The product does not properly verify that the source of data or communication is valid.

Attack-Flow Graph

Executive Summary

This vulnerability is a same-origin policy bypass in the CSS Parsing and Computation component of Firefox versions earlier than 148.0.2.

Impact Analysis

The vulnerability can impact you by allowing an attacker to bypass the same-origin policy, potentially leading to unauthorized modification or influence over web content. According to the CVSS score, it has a high impact on integrity but does not affect confidentiality or availability.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Hi! I’m here to help you understand CVE-2026-3846. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70

CVE-2026-3846

Same-Origin Policy Bypass in Firefox CSS Parsing

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

AI Quick Actions

Chat Assistant

EPSS Chart