6.5
CVE-2026-8706
- EPSS 0.19%
- Veröffentlicht 19.05.2026 14:27:38
- Zuletzt bearbeitet 20.05.2026 14:23:35
- Quelle security@mozilla.org
- CVE-Watchlists
- Unerledigt
Sensitive user data could be leaked to other applications through Reader mode
Firefox for iOS hosted Reader mode on an unauthenticated local web server, allowing another application on the same device to request arbitrary URLs and receive the response rendered with the signed-in user's cookies. This vulnerability was fixed in Firefox for iOS 151.0.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.19% | 0.089 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
https://bugzilla.mozilla.org/show_bug.cgi?id=2036618
https://www.mozilla.org/security/advisories/mfsa2026-49/