9.8

CVE-2026-6771

Mitigation bypass in the DOM: Security component

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox SwEdition- Version < 150.0
MozillaFirefox SwEditionesr Version >= 140.0 < 140.10.0
MozillaThunderbird SwEditionesr Version >= 140.0 < 140.10.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.31% 0.224
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-288 Authentication Bypass Using an Alternate Path or Channel

The product requires authentication, but the product has an alternate path or channel that does not require authentication.

https://www.mozilla.org/security/advisories/mfsa2026-30/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2026-32/
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=2025067
Permissions Required
https://www.mozilla.org/security/advisories/mfsa2026-33/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2026-34/
Vendor Advisory