Description
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
Published: 2026-05-19
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A mitigation bypass was discovered in a DOM security component of Mozilla Firefox. The flaw allows an attacker to circumvent the browser’s built‑in security restrictions and gain unintended access to privileged functionality. The impact of exploiting the vulnerability could result in unauthorized manipulation of page content or elevation of privileges within the browser context. The precise mechanics are not detailed, but the intended security boundary is clearly violated.

Affected Systems

Mozilla Firefox users running versions prior to 151 and those on the ESR channel older than 140.11 are potentially affected. All other, newer releases contain the fix.

Risk and Exploitability

The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, so the public exploitation probability is uncertain. No CVSS score is supplied, which limits severity assessment. Based on the description, the likely attack vector involves malicious web content that can be delivered through a compromised site or local file. Once executed, an attacker may bypass DOM‑level restrictions and carry out actions that the was designed to prevent. The combination of a security‑boundary violation and the absence of a known public exploit suggests the risk is noteworthy for organizations that rely on older Firefox versions.

Generated by OpenCVE AI on May 19, 2026 at 14:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Firefox release (151 or newer).
  • If on the ESR channel, upgrade to Firefox ESR 140.11 or later.
  • Continuously monitor Mozilla security advisories and apply updates promptly to keep the browser current.

Generated by OpenCVE AI on May 19, 2026 at 14:55 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 19 May 2026 17:45:00 +0000

Type Values Removed Values Added
Description Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 151 and Firefox ESR 140.11. Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
References

Tue, 19 May 2026 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla
Mozilla firefox
Weaknesses CWE-269
CWE-285
Vendors & Products Mozilla
Mozilla firefox

Tue, 19 May 2026 13:45:00 +0000

Type Values Removed Values Added
Description Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 151 and Firefox ESR 140.11.
Title Mitigation bypass in the DOM: Security component
References

Subscriptions

Mozilla Firefox
cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2026-05-19T17:10:51.227Z

Reserved: 2026-05-19T12:29:59.235Z

Link: CVE-2026-8962

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-05-19T14:16:52.600

Modified: 2026-05-19T14:23:47.477

Link: CVE-2026-8962

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-19T15:00:10Z

Weaknesses