Description
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
Published: 2026-05-19
Score: 8.1 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The CVE refers to a mitigation bypass within the DOM security component of Mozilla Firefox. It indicates that the browser could incorrectly apply security checks to web content. The issue is classified as CWE‑693, a protection mechanism failure. The protection mechanism was fixed in version 151, meaning earlier releases lack the safeguard. No additional details about the attacker model or resulting privileges are provided in the description.

Affected Systems

Mozilla Firefox versions prior to 151 are affected. Scripts that rely on the faulty DOM handling could be processed by those releases, exposing them to the flaw.

Risk and Exploitability

The vulnerability is listed as not having an EPSS score and is not in the CISA KEV catalog. It has a CVSS score of 8.1. Therefore, the severity of the vulnerability is considered high. The flaw appears to be exploitable only by users who load compromised content in a vulnerable Firefox instance, but no evidence of real‑world exploitation is cited.

Generated by OpenCVE AI on May 19, 2026 at 17:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Mozilla Firefox to version 151 or later, which contains the security fix.
  • Consider using a reputable script‑blocking extension when updating is delayed, although it may not fully compensate for the bypass.
  • Stay informed about new patches by monitoring Mozilla’s security advisories.

Generated by OpenCVE AI on May 19, 2026 at 17:06 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 19 May 2026 17:45:00 +0000

Type Values Removed Values Added
Description Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 151. Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
References

Tue, 19 May 2026 17:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-79

Tue, 19 May 2026 16:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-79

Tue, 19 May 2026 15:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-693
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 19 May 2026 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla
Mozilla firefox
Vendors & Products Mozilla
Mozilla firefox

Tue, 19 May 2026 13:45:00 +0000

Type Values Removed Values Added
Description Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 151.
Title Mitigation bypass in the DOM: Security component
References

Subscriptions

Mozilla Firefox
cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2026-05-19T17:10:55.381Z

Reserved: 2026-05-19T12:30:14.951Z

Link: CVE-2026-8969

cve-icon Vulnrichment

Updated: 2026-05-19T14:25:54.056Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-05-19T14:16:53.390

Modified: 2026-05-19T16:16:23.660

Link: CVE-2026-8969

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-19T17:15:10Z

Weaknesses