Mitigation Bypass in the Security Component of Firefox and Firefox ESR
CVE-2026-8962

8.1HIGH

Key Information:

Vendor: Mozilla
Status: Firefox; Thunderbird
Vendor: CVE Published:; 19 May 2026

What is CVE-2026-8962?

A vulnerability exists that allows for a mitigation bypass in the security component of Firefox. This flaw could lead to unintended access control issues, enabling malicious actors to potentially exploit protected areas. The issue has been addressed in Firefox version 151 and Firefox ESR version 140.11, highlighting the importance of keeping software updated to maintain security integrity.

Affected Version(s)

Firefox 140.11

Firefox 151

Thunderbird 140.11

References

https://bugzilla.mozilla.org/show_bug.cgi?id=2004804

https://www.mozilla.org/security/advisories/mfsa2026-46/

https://www.mozilla.org/security/advisories/mfsa2026-48/

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 19, 2026
Vulnerability Reserved
May 19, 2026

Credit

Manojkumar Jaganathan

CVE-2026-8962 Data

JSON

Mozilla

What is CVE-2026-8962?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit