Description
Firefox for iOS hosted Reader mode on an unauthenticated local web server, allowing another application on the same device to request arbitrary URLs and receive the response rendered with the signed-in user's cookies. This vulnerability was fixed in Firefox for iOS 151.0.
Published: 2026-05-19
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Firefox for iOS hosts Reader mode on an unauthenticated local web server. Any other application running on the same device can therefore ask that local server for an arbitrary URL and receive the response rendered with the signed-in user's cookies. The rendered page can contain anything the authenticated user has access to, potentially exposing sensitive content to a third-party app.

Affected Systems

The vulnerability affects all builds of Firefox for iOS prior to version 151.0. No other vendors or products are listed as impacted.

Risk and Exploitability

The vulnerability has a CVSS score of 6.5, indicating moderate severity. The flaw is exploitable locally; an attacker only needs to run an application on the device that can access the local web server, which is unprotected and does not require authentication. EPSS data is unavailable, and the flaw can reveal user‑specific content, so the risk is considered significant. The vulnerability is not listed in the CISA KEV catalog.

Generated by OpenCVE AI on May 19, 2026 at 19:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update to Firefox for iOS 151.0 or newer, which removes the unauthenticated local web server used by Reader mode.
  • If an update cannot be applied immediately, disable or eliminate the Reader mode feature from the application settings to prevent the local web server from being exposed.
  • Avoid installing or running applications that may issue HTTP requests to localhost while the vulnerable Firefox build is active.



Advisories

No advisories yet.

History

Wed, 20 May 2026 14:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Mozilla firefox |
| CPEs | | cpe:2.3:a:mozilla:firefox:*:*:*:*:*:iphone_os:*:* |
| Vendors & Products | | Mozilla firefox |

Tue, 19 May 2026 18:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | cvssV3_1 {'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'} | cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'} |


Tue, 19 May 2026 16:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Mozilla; Mozilla firefox For Ios |
| Vendors & Products | | Mozilla; Mozilla firefox For Ios |

Tue, 19 May 2026 16:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | | CWE-200; CWE-306 |
| Metrics | | cvssV3_1 {'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}; ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Tue, 19 May 2026 15:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Firefox for iOS hosted Reader mode on an unauthenticated local web server, allowing another application on the same device to request arbitrary URLs and receive the response rendered with the signed-in user's cookies. This vulnerability was fixed in Firefox for iOS 151.0. |
| Title | | Sensitive user data could be leaked to other applications through Reader mode |
| References | | |

MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2026-05-19T17:12:23.626Z

Reserved: 2026-05-15T19:32:40.967Z

Link: CVE-2026-8706

Vulnrichment

Updated: 2026-05-19T15:57:03.119Z

NVD

Status: Analyzed

Published: 2026-05-19T16:16:22.580

Modified: 2026-05-20T14:23:35.800

Link: CVE-2026-8706

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-19T19:30:12Z

Weaknesses