6.5

CVE-2026-8961

Spoofing issue in the Form Autofill component

Spoofing issue in the Form Autofill component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox SwEditionesr Version < 140.11.0
MozillaFirefox SwEdition- Version < 151.0.0
MozillaThunderbird SwEditionesr Version < 140.11
MozillaThunderbird SwEdition- Version < 151.0.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.32% 0.238
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CWE-290 Authentication Bypass by Spoofing

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

https://www.mozilla.org/security/advisories/mfsa2026-46/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2026-48/
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1962625
Permissions Required
https://www.mozilla.org/security/advisories/mfsa2026-51/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2026-50/
Vendor Advisory