Description
Spoofing issue in the Popup Blocker component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
Published: 2026-05-19
Score: 7.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Mozilla's Firefox browser includes a popup blocker that prevents unsolicited pop‑up windows. A flaw in the Popup Blocker component allows an attacker to bypass this protection, presenting the user with a deceptive popup that appears to originate from a trusted source. This spoofing vulnerability can mislead users into interacting with malicious content or revealing personal information, effectively creating a UI deception that could lead to phishing or fraud.

Affected Systems

Affected systems include any installation of Mozilla Firefox older than version 151. Versions prior to the 151 patch are susceptible, regardless of the operating system. The vulnerability is limited to the browser client and does not require privileged access or additional network services.

Risk and Exploitability

The EPSS score is currently unavailable and the issue is not listed in CISA's KEV catalog, so exploitation probability is unknown but could exist in the wild given the widespread use of Firefox. The CVSS score is not provided, but the ability to mislead users suggests a high confidentiality and integrity impact and a moderate to high availability impact if used to trick users into insecure actions. The likely attack vector is an active adversary that can host a malicious webpage or engineer phishing links, with the user interacting with that page in their browser.

Generated by OpenCVE AI on May 19, 2026 at 15:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Firefox to version 151 or newer
  • Configure the popup blocker to strict mode and avoid allowing exceptions for unknown sites
  • Educate users to recognize and avoid deceptive pop‑ups

Generated by OpenCVE AI on May 19, 2026 at 15:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 19 May 2026 17:45:00 +0000

Type Values Removed Values Added
Description Spoofing issue in the Popup Blocker component. This vulnerability was fixed in Firefox 151. Spoofing issue in the Popup Blocker component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
References

Tue, 19 May 2026 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla
Mozilla firefox
Vendors & Products Mozilla
Mozilla firefox

Tue, 19 May 2026 15:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-1021
CWE-200

Tue, 19 May 2026 15:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-451
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 19 May 2026 13:45:00 +0000

Type Values Removed Values Added
Description Spoofing issue in the Popup Blocker component. This vulnerability was fixed in Firefox 151.
Title Spoofing issue in the Popup Blocker component
References

Subscriptions

Mozilla Firefox
cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2026-05-19T17:10:54.077Z

Reserved: 2026-05-19T12:30:07.287Z

Link: CVE-2026-8964

cve-icon Vulnrichment

Updated: 2026-05-19T14:59:14.349Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-05-19T14:16:52.823

Modified: 2026-05-19T16:16:23.463

Link: CVE-2026-8964

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-19T16:00:09Z

Weaknesses