Description
Information disclosure in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
Published: 2026-05-19
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an information disclosure flaw in the Graphics: WebGPU component of Firefox. It allows a malicious website or injected content to read private data stored in the GPU memory, potentially exposing user information or sensitive graphics data. This weakness directly compromises confidentiality and is classified as a data‑exposure issue.

Affected Systems

The affected product is Mozilla Firefox. No specific version range is provided in the CNA data, but the issue was addressed in Firefox 151, implying that versions prior to 151 are vulnerable.

Risk and Exploitability

Explicit exploitation metrics are not available; the EPSS score is not provided and the vulnerability is not listed in CISA's KEV catalog. Inference from the description suggests the attack vector is a remote web page running in the browser that can exploit the WebGPU API. While no public exploit is known, the absence of a KEV listing does not preclude manual exploitation. The risk level should be considered moderate, but it is critical for environments that rely heavily on GPU workloads.

Generated by OpenCVE AI on May 19, 2026 at 14:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply Firefox 151 or later to remove the vulnerability
  • If an immediate update is not possible, disable the WebGPU feature in the advanced settings or via policy
  • Maintain up‑to‑date security patch baselines and monitor Mozilla security advisories for further updates

Generated by OpenCVE AI on May 19, 2026 at 14:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 19 May 2026 17:45:00 +0000

Type Values Removed Values Added
Description Information disclosure in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 151. Information disclosure in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
References

Tue, 19 May 2026 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla
Mozilla firefox
Weaknesses CWE-200
Vendors & Products Mozilla
Mozilla firefox

Tue, 19 May 2026 13:45:00 +0000

Type Values Removed Values Added
Description Information disclosure in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 151.
Title Information disclosure in the Graphics: WebGPU component
References

Subscriptions

Mozilla Firefox
cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2026-05-19T17:10:55.075Z

Reserved: 2026-05-19T12:30:11.954Z

Link: CVE-2026-8967

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-05-19T14:16:53.160

Modified: 2026-05-19T14:23:47.477

Link: CVE-2026-8967

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-19T15:00:10Z

Weaknesses