CVE-2026-8963
Web Speech Component Spoofing in Firefox
Publication date: 2026-05-19
Last updated on: 2026-05-20
Assigner: Mozilla Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mozilla | firefox | to 151.0.0 (exc) |
| mozilla | thunderbird | to 151.0.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-290 | This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a spoofing issue found in the Web Speech component of Mozilla Firefox. Spoofing vulnerabilities typically allow an attacker to deceive users or systems by masquerading as a trusted entity or by falsifying information.
The issue was addressed and fixed in Firefox version 151.
How can this vulnerability impact me? :
A spoofing vulnerability in the Web Speech component could allow attackers to impersonate legitimate speech inputs or manipulate speech recognition results, potentially leading to unauthorized actions or misinformation.
This could impact users by causing them to trust false information or commands, which might affect the security and integrity of applications relying on the Web Speech component.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update Firefox to version 151 or later where the spoofing issue in the Web Speech component has been fixed.