Description
Information disclosure in the DOM: Security component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
Published: 2026-05-19
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw is located in Mozilla Firefox’s Security component. It allows an attacker, through a malicious web page or script, to read sensitive information that resides in the Document Object Model. The exposure could include URLs, user credentials, or other configuration details that normally remain confidential, resulting in an information‑exposure weakness.

Affected Systems

All releases of Mozilla Firefox prior to version 151 are affected. The issue was rectified in version 151, so any installation older than that release contains the vulnerability.

Risk and Exploitability

No CVSS score is given and the EPSS score is not available, so the exact severity and exploitation probability are not quantified. As the flaw involves data exposure in the DOM, the most likely attack vector is web‑based, where a malicious web page could trigger the bug in a user’s browser session. The lack of a KEV listing and absence of widespread exploitation evidence suggest the risk is currently low, but the impact is significant if compromised.

Generated by OpenCVE AI on May 19, 2026 at 16:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official patch for Mozilla Firefox version 151 or later to eliminate the DOM information disclosure that corresponds to CWE-200.
  • Review and tighten the browser’s privacy settings, ensuring that sensitive data handling follows the least‑privilege principle to mitigate information exposure as identified by CWE-200.
  • Configure a strict content security policy and enable automatic updates to reduce the possibility of malicious scripts exploiting the vulnerability, aligning with CWE-200 mitigation practices.

Generated by OpenCVE AI on May 19, 2026 at 16:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 19 May 2026 17:45:00 +0000

Type Values Removed Values Added
Description Information disclosure in the DOM: Security component. This vulnerability was fixed in Firefox 151. Information disclosure in the DOM: Security component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
References

Tue, 19 May 2026 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla
Mozilla firefox
Vendors & Products Mozilla
Mozilla firefox

Tue, 19 May 2026 13:45:00 +0000

Type Values Removed Values Added
Description Information disclosure in the DOM: Security component. This vulnerability was fixed in Firefox 151.
Title Information disclosure in the DOM: Security component
References

Subscriptions

Mozilla Firefox
cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2026-05-19T17:10:54.366Z

Reserved: 2026-05-19T12:30:08.950Z

Link: CVE-2026-8965

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-05-19T14:16:52.930

Modified: 2026-05-19T14:23:47.477

Link: CVE-2026-8965

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-19T16:45:06Z

Weaknesses

No weakness.