5.4

CVE-2026-12323

Spoofing issue in the DOM: Core & HTML component

Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 152 and Thunderbird 152.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox SwEdition- Version < 152.0.0
MozillaThunderbird SwEdition- Version < 152.0.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.17% 0.064
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.4 2.8 2.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
CWE-1021 Improper Restriction of Rendered UI Layers or Frames

The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain.

https://www.mozilla.org/security/advisories/mfsa2026-57/
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=2035027
Permissions Required
https://www.mozilla.org/security/advisories/mfsa2026-60/
Vendor Advisory