Description
Spoofing issue in the Toolbar component in Firefox for Android. This vulnerability was fixed in Firefox 151.
Published: 2026-05-19
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a spoofing flaw in the Toolbar component of Firefox for Android. It permits malicious content to display counterfeit toolbar elements, which can mislead users into performing unintended actions or revealing sensitive information. Based on the description, the likely attack vector involves malicious web pages or compromised add‑on content that instructs the browser to render falsified UI elements. The consequence of such deception is a breach of user trust and potential compromise of credentials or data accessed through the UI.

Affected Systems

Mozilla Firefox for Android, all releases prior to version 151.

Risk and Exploitability

The CVSS score is 6.5 and the EPSS score is unavailable, indicating no known data on exploitation likelihood. The vulnerability is not listed in CISA KEV. Because the issue was fixed in Firefox 151, the risk is mitigated by upgrading. Prior to updating, the flaw could be exploited through local or remote means by loading malicious content that tricks the user, but the lack of exploitation data makes it difficult to assess real‑world impact.

Generated by OpenCVE AI on May 19, 2026 at 17:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest Firefox version for Android (151 or newer).
  • Verify that the toolbar no longer presents spoofed elements by testing with known malicious or suspicious web pages.
  • If upgrading is not immediately possible, restrict the use of third‑party browsers that may not include this fix and ensure the device OS is up to date with security patches.

Advisories

No advisories yet.

History

Wed, 20 May 2026 15:00:00 +0000

Type | Values Removed | Values Added
CPEs | | cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*

Tue, 19 May 2026 16:30:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-290
Metrics | | cvssV3_1: {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N'}; ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 19 May 2026 15:15:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-79

Tue, 19 May 2026 15:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Mozilla; Mozilla firefox
Vendors & Products | | Mozilla; Mozilla firefox

Tue, 19 May 2026 13:45:00 +0000

Type | Values Removed | Values Added
Description | | Spoofing issue in the Toolbar component in Firefox for Android. This vulnerability was fixed in Firefox 151.
Title | | Spoofing issue in the Toolbar component in Firefox for Android
References

MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2026-05-19T15:42:06.372Z

Reserved: 2026-05-19T12:29:42.967Z

Link: CVE-2026-8951

Vulnrichment

Updated: 2026-05-19T15:41:05.102Z

NVD

Status: Analyzed

Published: 2026-05-19T14:16:51.370

Modified: 2026-05-20T14:48:26.560

Link: CVE-2026-8951

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-19T17:30:10Z

Weaknesses
  • CWE-290: Authentication Bypass by Spoofing
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')