Information Disclosure in Firefox's WebGPU Component
CVE-2026-8967

7.5HIGH

Key Information:

Vendor: Mozilla
Status: Firefox; Thunderbird
Vendor: CVE Published:; 19 May 2026

What is CVE-2026-8967?

A security vulnerability has been identified in the WebGPU component of Firefox, allowing potential information leakage. This flaw can permit unauthorized access to sensitive data within the browser, potentially exposing user information to malicious actors. Mozilla addressed this issue in Firefox version 151, underscoring the importance of keeping web browsers updated to mitigate such vulnerabilities. Users are strongly advised to upgrade to the latest version to ensure their security.

Affected Version(s)

Firefox 151

Thunderbird 151

References

https://bugzilla.mozilla.org/show_bug.cgi?id=2027173

https://www.mozilla.org/security/advisories/mfsa2026-46/

https://www.mozilla.org/security/advisories/mfsa2026-50/

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 19, 2026
Vulnerability Reserved
May 19, 2026

Credit

Inseo An

CVE-2026-8967 Data

JSON