Sensitive user data could be leaked to other applications through...

6.2 / 10

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Description

Firefox for iOS hosted Reader mode on an unauthenticated local web server, allowing another application on the same device to request arbitrary URLs and receive the response rendered with the signed-in user's cookies. This vulnerability was fixed in Firefox for iOS 151.0.

Basic Information

ID CVE-2026-8706

Source mozilla

Published May 19, 2026 at 14:27

Modified May 19, 2026 at 15:58

Affected Product

Vendor Mozilla

Product Firefox for iOS

Version 151.0

CWE Classification

CWE-306 CWE-200

References

{
    "lastseen": "",
    "description": "Firefox for iOS hosted Reader mode on an unauthenticated local web server, allowing another application on the same device to request arbitrary URLs and receive the response rendered with the signed-in user's cookies. This vulnerability was fixed in Firefox for iOS 151.0.",
    "published": "2026-05-19T14:27:38.483Z",
    "modified": "2026-05-19T15:58:38.822Z",
    "type": "cve",
    "title": "Sensitive user data could be leaked to other applications through Reader mode",
    "source": "mozilla",
    "references": "https://bugzilla.mozilla.org/show_bug.cgi?id=2036618\nhttps://www.mozilla.org/security/advisories/mfsa2026-49/",
    "id": "CVE-2026-8706",
    "bulletinFamily": "",
    "cwe": [
        "CWE-306",
        "CWE-200"
    ],
    "cvelist": null,
    "sourceData": "",
    "sourceHref": "",
    "cvss": {
        "score": 6.2,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Firefox for iOS",
    "version": "151.0",
    "vendor": "Mozilla",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Sensitive user data could be leaked to other applications through Reader mode_CVE-2026-8706