Spoofing Vulnerability in Popup Blocker in Firefox by Mozilla
CVE-2026-8964

7.5HIGH

Key Information:

Vendor: Mozilla
Status: Firefox; Thunderbird
Vendor: CVE Published:; 19 May 2026

What is CVE-2026-8964?

A spoofing issue in the Popup Blocker component of Firefox allows attackers to manipulate user interactions, potentially leading to unauthorized content or actions. This vulnerability has been addressed in Firefox version 151, enhancing the security of the Popup Blocker feature.

Affected Version(s)

Firefox 151

Thunderbird 151

References

https://bugzilla.mozilla.org/show_bug.cgi?id=2025170

https://www.mozilla.org/security/advisories/mfsa2026-46/

https://www.mozilla.org/security/advisories/mfsa2026-50/

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 19, 2026
Vulnerability Reserved
May 19, 2026

Credit

Satoki Tsuji

CVE-2026-8964 Data

JSON