CVE-2026-8948

⛔ critical

Same-origin policy bypass in the DOM: Networking component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.

CVSS Score

9.1

Critical

EPSS Score

0.0

Exploit Probability

Published Date

2026-05-19

First Seen: 2026-05-20

This CVE is High Risk - more severe than 87.7% of all 327,306 vulnerabilities in our database.

#40,206

Top 25% most severe

Severity Percentile

🔍 Exploitation Status

None

No known exploits

⚙️ Automatable

YES

Can be exploited automatically

💥 Technical Impact

Total

Complete system compromise possible

🏆 Discovered By

satyamasd

SSVC data provided by CISA

Last Modified 2026-05-20

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE IDs (Weakness Types)

CWE-942

📦 Affected Products 2

Vendor	Product	Status	Affected Versions
mozilla	firefox	Affected	< 151.0.0
mozilla	thunderbird	Affected	< 151.0.0

Permissions Required

Vendor Advisory

Vendor Advisory

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2026-10701	⚠️ high	7.5	0.0	Incorrect boundary conditions in the Graphics: Text component. This vulnerability was fixed in Firefox 151.0.3.	2026-06-02
CVE-2026-10702	🔶 medium	4.3	0.0	JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 151.0.3.	2026-06-02
CVE-2026-9308	🔶 medium	5.4	0.0	Firefox for iOS Reader View replaced page content in its HTML template before replacing other internal placeholders. A m...	2026-06-01
CVE-2026-9309	🔶 medium	5.4	0.0	Firefox for iOS Reader View did not properly escape HTML tags in JSON-LD metadata. A malicious page could inject markup ...	2026-06-01
CVE-2026-9078	🔶 medium	5.4	0.0	Firefox for iOS displayed specially crafted right-to-left (RTL) and internationalized domain names (IDNs) incorrectly in...	2026-05-25
CVE-2026-8945	⚠️ high	7.5	0.1	Sandbox escape in Firefox and Firefox Focus for Android. This vulnerability was fixed in Firefox 151.	2026-05-19

These CVEs affect the same products