CVE-2026-8962
DOM Security Bypass in Firefox
Publication date: 2026-05-19
Last updated on: 2026-05-20
Assigner: Mozilla Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mozilla | firefox | to 151.0.0 (exc) |
| mozilla | firefox | to 140.11.0 (exc) |
| mozilla | thunderbird | to 140.11 (exc) |
| mozilla | thunderbird | to 151.0.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-693 | The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a mitigation bypass in the DOM (Document Object Model) security component of Mozilla Firefox. It means that a security measure designed to protect the DOM was circumvented, potentially allowing an attacker to exploit the browser in ways that were previously prevented.
The issue was addressed and fixed in Firefox version 151 and Firefox ESR 140.11.
How can this vulnerability impact me? :
Exploitation of this vulnerability could allow attackers to bypass security protections in the browser's DOM, potentially leading to unauthorized actions such as executing malicious scripts or accessing sensitive information within the browser context.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update Firefox to version 151 or later, or Firefox ESR to version 140.11 or later.