Spoofing Vulnerability in Firefox's Form Autofill Component
CVE-2026-8961

6.5MEDIUM

Key Information:

Vendor: Mozilla
Status: Firefox; Thunderbird
Vendor: CVE Published:; 19 May 2026

What is CVE-2026-8961?

A spoofing vulnerability exists in the Form Autofill component of Firefox, which could allow attackers to manipulate data entries. This could lead to users being misled by inaccurate information automatically filled in online forms. The issue was addressed in Firefox version 151 and Firefox ESR version 140.11, ensuring that users can trust the integrity of the information being presented by the browser.

Affected Version(s)

Firefox 140.11

Firefox 151

Thunderbird 140.11

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1962625

https://www.mozilla.org/security/advisories/mfsa2026-46/

https://www.mozilla.org/security/advisories/mfsa2026-48/

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 19, 2026
Vulnerability Reserved
May 19, 2026

Credit

Hafiizh

CVE-2026-8961 Data

JSON

Mozilla

What is CVE-2026-8961?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit