CVE-2026-0877

Published: Jan 13, 2026Modified: Apr 13, 2026

8.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Exploitability: 2.8 / Impact: 5.2

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

Affected (5)

Products: Mozilla: Firefox, Thunderbird

2 products

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	Before 147.0
Mozilla Firefox	Before 115.32.0
Mozilla Firefox	From 128.0 to 140.7.0
Mozilla Thunderbird	Before 147.0
Mozilla Thunderbird	Before 140.7.0

Related CWEs

Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

References (6)

https://bugzilla.mozilla.org/show_bug.cgi?id=1999257

Source: security@mozilla.org

Permissions Required

https://www.mozilla.org/security/advisories/mfsa2026-01/

Source: security@mozilla.org

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2026-02/

Source: security@mozilla.org

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2026-03/

Source: security@mozilla.org

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2026-04/

Source: security@mozilla.org

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2026-05/

Source: security@mozilla.org

Vendor Advisory

Timeline

No history available yet.