Information Disclosure in Firefox Security Component
CVE-2026-8965

7.5HIGH

Key Information:

Vendor: Mozilla
Status: Firefox; Thunderbird
Vendor: CVE Published:; 19 May 2026

What is CVE-2026-8965?

A vulnerability exists in the Firefox web browser that allows for information disclosure through the Document Object Model (DOM) related to its security component. This flaw can potentially expose sensitive information to unauthorized users. Mozilla addressed this issue in Firefox version 151, ensuring users of the browser are protected against this type of risk.

Affected Version(s)

Firefox 151

Thunderbird 151

References

https://bugzilla.mozilla.org/show_bug.cgi?id=2025740

https://www.mozilla.org/security/advisories/mfsa2026-46/

https://www.mozilla.org/security/advisories/mfsa2026-50/

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 19, 2026
Vulnerability Reserved
May 19, 2026

Credit

Shihab Mirza

CVE-2026-8965 Data

JSON