CVE-2026-8961
Spoofing in Firefox Form Autofill Component
Publication date: 2026-05-19
Last updated on: 2026-05-20
Assigner: Mozilla Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mozilla | firefox | to 151.0.0 (exc) |
| mozilla | firefox | to 140.11.0 (exc) |
| mozilla | thunderbird | to 140.11 (exc) |
| mozilla | thunderbird | to 151.0.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-290 | This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a spoofing issue found in the Form Autofill component of Mozilla Firefox. It allows an attacker to potentially deceive users by presenting false or misleading information in form fields.
The issue was addressed and fixed in Firefox version 151 and Firefox ESR 140.11.
How can this vulnerability impact me? :
The spoofing vulnerability in the Form Autofill component can lead to users being tricked into entering sensitive information into fraudulent form fields. This can result in unauthorized disclosure of personal or financial data.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update your Firefox browser to version 151 or later, or Firefox ESR to version 140.11 or later, where the issue has been fixed.