Description
Information disclosure in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
Published: 2026-05-19
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an information disclosure flaw in the Graphics: WebGPU component of Mozilla products, allowing data to be read from GPU memory. This can expose user information or sensitive graphics data and directly compromises confidentiality.

Affected Systems

Mozilla Firefox and Thunderbird versions prior to 151 are vulnerable; the issue was addressed in version 151 for both products.

Risk and Exploitability

The EPSS score is 0.00017 (<1%) and the vulnerability is not listed in CISA’s KEV catalog. The likely attack vector involves a malicious web page or injected code that uses the WebGPU API to access memory, though no public exploit is known. The risk level should be considered moderate, but it is critical for environments that rely heavily on GPU workloads.

Generated by OpenCVE AI on May 20, 2026 at 18:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Firefox to version 151 or later, or upgrade Thunderbird to 151 or later, to remove the vulnerability.
  • If an immediate update is not possible, disable the WebGPU feature in the advanced settings or via policy to prevent exploitation.
  • Maintain up‑to‑date security patch baselines and monitor Mozilla security advisories for further updates.

Generated by OpenCVE AI on May 20, 2026 at 18:05 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 20 May 2026 18:00:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla thunderbird
CPEs cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*
Vendors & Products Mozilla thunderbird

Wed, 20 May 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 19 May 2026 20:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200

Tue, 19 May 2026 19:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200

Tue, 19 May 2026 17:45:00 +0000

Type Values Removed Values Added
Description Information disclosure in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 151. Information disclosure in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
References

Tue, 19 May 2026 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla
Mozilla firefox
Weaknesses CWE-200
Vendors & Products Mozilla
Mozilla firefox

Tue, 19 May 2026 13:45:00 +0000

Type Values Removed Values Added
Description Information disclosure in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 151.
Title Information disclosure in the Graphics: WebGPU component
References

Subscriptions

Mozilla Firefox Thunderbird
cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2026-05-20T15:46:08.917Z

Reserved: 2026-05-19T12:30:11.954Z

Link: CVE-2026-8967

cve-icon Vulnrichment

Updated: 2026-05-20T15:42:57.588Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-19T14:16:53.160

Modified: 2026-05-20T17:57:45.130

Link: CVE-2026-8967

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-20T18:15:26Z

Weaknesses
  • CWE-200

    Exposure of Sensitive Information to an Unauthorized Actor