CVE-2026-8965
Information Disclosure in Firefox DOM Security Component
Publication date: 2026-05-19
Last updated on: 2026-05-20
Assigner: Mozilla Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mozilla | firefox | to 151.0.0 (exc) |
| mozilla | thunderbird | to 151.0.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an information disclosure issue within the Document Object Model (DOM) security component of Firefox. It means that sensitive information could potentially be exposed due to a flaw in how the browser handles security in the DOM.
The issue was addressed and fixed in Firefox version 151.
How can this vulnerability impact me? :
This vulnerability could lead to unauthorized disclosure of information through the browser's DOM security component. An attacker might exploit this to access sensitive data that should be protected, potentially compromising user privacy or security.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability was fixed in Firefox 151. To mitigate this vulnerability, you should update your Firefox browser to version 151 or later.