Information Disclosure in Firefox IP Protection Component
CVE-2026-8966

7.5HIGH

Key Information:

Vendor: Mozilla
Status: Firefox; Thunderbird
Vendor: CVE Published:; 19 May 2026

What is CVE-2026-8966?

An information disclosure vulnerability exists within the IP Protection component of Firefox. This flaw can potentially allow unauthorized access to sensitive data, impacting user privacy and confidentiality. The vulnerability has been resolved in Firefox version 151, which addresses this security concern effectively. Users are encouraged to update to the latest version to ensure their systems remain secure.

Affected Version(s)

Firefox 151

Thunderbird 151

References

https://bugzilla.mozilla.org/show_bug.cgi?id=2025849

https://www.mozilla.org/security/advisories/mfsa2026-46/

https://www.mozilla.org/security/advisories/mfsa2026-50/

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 19, 2026
Vulnerability Reserved
May 19, 2026

Credit

Rintaro Kobayashi

CVE-2026-8966 Data

JSON

Mozilla

What is CVE-2026-8966?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit