Same-Origin Policy Bypass in Firefox Networking Component
CVE-2026-8948

9.1CRITICAL

Key Information:

Vendor: Mozilla
Status: Firefox; Thunderbird
Vendor: CVE Published:; 19 May 2026

What is CVE-2026-8948?

A vulnerability exists in the Networking component of Firefox that allows an attacker to bypass the same-origin policy. This can potentially enable unauthorized access to sensitive user information across different sites. Mozilla promptly addressed this security risk in Firefox version 151, urging users to update to maintain the integrity and security of their browsing experience.

Affected Version(s)

Firefox 151

Thunderbird 151

References

https://bugzilla.mozilla.org/show_bug.cgi?id=2038803

https://www.mozilla.org/security/advisories/mfsa2026-46/

https://www.mozilla.org/security/advisories/mfsa2026-50/

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 19, 2026
Vulnerability Reserved
May 19, 2026

Credit

satyamasd

CVE-2026-8948 Data

JSON