CVE Catalog
CVE-2026-8948
CriticalCVSS 9.1Exploitation Probability (EPSS)
Low risk0.42%
34th percentile — higher than 34% of all known CVEs
Summary
A vulnerability in the DOM: Networking component allows bypassing the same-origin policy. This flaw was fixed in Firefox 151 and Thunderbird 151.
Risk Assessment
An attacker could exploit this vulnerability to steal data or perform unauthorized actions in the context of another domain, posing a serious risk to data confidentiality and integrity.
Recommendation
Immediately update Firefox and Thunderbird to version 151 or later to remediate the vulnerability.
Original NVD description (English source)
Same-origin policy bypass in the DOM: Networking component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.

