Spoofing Vulnerability in Web Speech Component of Firefox
CVE-2026-8963

7.5HIGH

Key Information:

Vendor: Mozilla
Status: Firefox; Thunderbird
Vendor: CVE Published:; 19 May 2026

What is CVE-2026-8963?

A vulnerability in the Web Speech component of Firefox allows attackers to impersonate users by spoofing speech-related actions. This issue impacts Firefox versions up to and including version 150. Mozilla has addressed and patched this vulnerability in Firefox version 151, enhancing the security of the Web Speech framework and user interactions involving speech recognition.

Affected Version(s)

Firefox 151

Thunderbird 151

References

https://bugzilla.mozilla.org/show_bug.cgi?id=2021222

https://www.mozilla.org/security/advisories/mfsa2026-46/

https://www.mozilla.org/security/advisories/mfsa2026-50/

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 19, 2026
Vulnerability Reserved
May 19, 2026

Credit

Qadhafy Muhammad Tera

CVE-2026-8963 Data

JSON