CVE Catalog
CVE-2026-12304
CriticalCVSS 9.1Exploitation Probability (EPSS)
Low risk0.20%
9th percentile — higher than 9% of all known CVEs
Summary
A vulnerability allowing same-origin policy bypass in the Networking: Cookies component. It was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.
Risk Assessment
Bypassing the same-origin policy may lead to unauthorized access to user data, posing a serious threat to the security of web applications.
Recommendation
It is recommended to update Firefox and Thunderbird to the latest versions to mitigate this vulnerability.
Original NVD description (English source)
Same-origin policy bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.

