Description
Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
Published: 2026-05-19
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the IP Protection component of Mozilla Firefox allows an attacker to read data that should remain private. The vulnerability is an information exposure weakness that could expose proprietary or confidential content. It is not clear from the advisory how the flaw is triggered, but the component’s interaction with IP‑dependent data suggests that exploitation may require access to the vulnerable code path, either through a crafted page or a local user action. The likely attack vector therefore is not explicitly stated but could involve user‑initiated content that engages the IP Protection logic.

Affected Systems

Firefox versions before 151 contain the flaw. The security fix was introduced in Firefox 151; any install at that version or newer is not vulnerable. No other vendors or products are mentioned in the advisory.

Risk and Exploitability

Because no CVSS or EPSS score is available, the severity cannot be quantified. The flaw is not listed in CISA’s KEV catalog, and there is no known public exploit. Nonetheless, any attacker who can interact with a vulnerable instance of Firefox could access the exposed data, so the potential impact on confidentiality remains until the fix is applied.

Generated by OpenCVE AI on May 19, 2026 at 15:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Firefox installation to version 151 or later to receive the vendor‑issued fix
  • If an upgrade cannot be performed immediately, temporarily disable the IP Protection component by setting the appropriate about:config preference to false, which removes the vulnerable code path from execution
  • Continue checking for and applying security updates from Mozilla as they become available

Generated by OpenCVE AI on May 19, 2026 at 15:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 19 May 2026 17:45:00 +0000

Type Values Removed Values Added
Description Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 151. Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
References

Tue, 19 May 2026 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla
Mozilla firefox
Vendors & Products Mozilla
Mozilla firefox

Tue, 19 May 2026 13:45:00 +0000

Type Values Removed Values Added
Description Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 151.
Title Information disclosure in the IP Protection component
References

Subscriptions

Mozilla Firefox
cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2026-05-19T17:10:54.733Z

Reserved: 2026-05-19T12:30:10.538Z

Link: CVE-2026-8966

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-05-19T14:16:53.043

Modified: 2026-05-19T14:23:47.477

Link: CVE-2026-8966

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-19T15:30:08Z

Weaknesses

No weakness.