CVE-2026-0877

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2026-0877
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

8.1 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1999257 Permissions Required
https://www.mozilla.org/security/advisories/mfsa2026-01/ Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2026-02/ Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2026-03/ Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2026-04/ Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2026-05/ Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:0667
https://access.redhat.com/errata/RHSA-2026:0694
https://access.redhat.com/errata/RHSA-2026:0924
https://access.redhat.com/errata/RHSA-2026:1320
https://access.redhat.com/errata/RHSA-2026:1413
https://access.redhat.com/errata/RHSA-2026:1414
https://access.redhat.com/errata/RHSA-2026:1415
https://access.redhat.com/errata/RHSA-2026:1461
https://access.redhat.com/errata/RHSA-2026:1462
https://access.redhat.com/errata/RHSA-2026:1471
https://access.redhat.com/errata/RHSA-2026:1487
https://access.redhat.com/errata/RHSA-2026:2041
https://access.redhat.com/errata/RHSA-2026:2043
https://access.redhat.com/errata/RHSA-2026:2044
https://access.redhat.com/errata/RHSA-2026:2047
https://access.redhat.com/errata/RHSA-2026:2069
https://access.redhat.com/errata/RHSA-2026:2070
https://access.redhat.com/errata/RHSA-2026:2073
https://access.redhat.com/errata/RHSA-2026:2074
https://access.redhat.com/errata/RHSA-2026:2220
https://access.redhat.com/errata/RHSA-2026:2231
https://access.redhat.com/errata/RHSA-2026:2271
https://access.redhat.com/errata/RHSA-2026:2286
https://access.redhat.com/security/cve/CVE-2026-0877
https://bugzilla.redhat.com/show_bug.cgi?id=2428969
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0877.json
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*
History

30 Jun 2026, 03:17

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2026:0667 -
  • () https://access.redhat.com/errata/RHSA-2026:0694 -
  • () https://access.redhat.com/errata/RHSA-2026:0924 -
  • () https://access.redhat.com/errata/RHSA-2026:1320 -
  • () https://access.redhat.com/errata/RHSA-2026:1413 -
  • () https://access.redhat.com/errata/RHSA-2026:1414 -
  • () https://access.redhat.com/errata/RHSA-2026:1415 -
  • () https://access.redhat.com/errata/RHSA-2026:1461 -
  • () https://access.redhat.com/errata/RHSA-2026:1462 -
  • () https://access.redhat.com/errata/RHSA-2026:1471 -
  • () https://access.redhat.com/errata/RHSA-2026:1487 -
  • () https://access.redhat.com/errata/RHSA-2026:2041 -
  • () https://access.redhat.com/errata/RHSA-2026:2043 -
  • () https://access.redhat.com/errata/RHSA-2026:2044 -
  • () https://access.redhat.com/errata/RHSA-2026:2047 -
  • () https://access.redhat.com/errata/RHSA-2026:2069 -
  • () https://access.redhat.com/errata/RHSA-2026:2070 -
  • () https://access.redhat.com/errata/RHSA-2026:2073 -
  • () https://access.redhat.com/errata/RHSA-2026:2074 -
  • () https://access.redhat.com/errata/RHSA-2026:2220 -
  • () https://access.redhat.com/errata/RHSA-2026:2231 -
  • () https://access.redhat.com/errata/RHSA-2026:2271 -
  • () https://access.redhat.com/errata/RHSA-2026:2286 -
  • () https://access.redhat.com/security/cve/CVE-2026-0877 -
  • () https://bugzilla.redhat.com/show_bug.cgi?id=2428969 -
  • () https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0877.json -

13 Apr 2026, 15:17

Type Values Removed Values Added
Summary
  • (es) Elusión de mitigación en el DOM: Componente de seguridad. Esta vulnerabilidad afecta a Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147 y Thunderbird < 140.7.
Summary (en) Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. (en) Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

22 Jan 2026, 18:37

Type Values Removed Values Added
CPE cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
First Time Mozilla
Mozilla firefox
Mozilla thunderbird
References () https://bugzilla.mozilla.org/show_bug.cgi?id=1999257 - () https://bugzilla.mozilla.org/show_bug.cgi?id=1999257 - Permissions Required
References () https://www.mozilla.org/security/advisories/mfsa2026-01/ - () https://www.mozilla.org/security/advisories/mfsa2026-01/ - Vendor Advisory
References () https://www.mozilla.org/security/advisories/mfsa2026-02/ - () https://www.mozilla.org/security/advisories/mfsa2026-02/ - Vendor Advisory
References () https://www.mozilla.org/security/advisories/mfsa2026-03/ - () https://www.mozilla.org/security/advisories/mfsa2026-03/ - Vendor Advisory
References () https://www.mozilla.org/security/advisories/mfsa2026-04/ - () https://www.mozilla.org/security/advisories/mfsa2026-04/ - Vendor Advisory
References () https://www.mozilla.org/security/advisories/mfsa2026-05/ - () https://www.mozilla.org/security/advisories/mfsa2026-05/ - Vendor Advisory

15 Jan 2026, 10:16

Type Values Removed Values Added
Summary (en) Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, and Firefox ESR < 140.7. (en) Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
References
  • () https://www.mozilla.org/security/advisories/mfsa2026-04/ -
  • () https://www.mozilla.org/security/advisories/mfsa2026-05/ -

13 Jan 2026, 16:16

Type Values Removed Values Added
CWE CWE-693
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 8.1

13 Jan 2026, 14:16

Type Values Removed Values Added
New CVE
Information

Published : 2026-01-13 14:16

Updated : 2026-06-30 03:17

NVD link : CVE-2026-0877

Mitre link : CVE-2026-0877

CVE.ORG link : CVE-2026-0877

JSON object : View

Products Affected

mozilla

  • firefox
  • thunderbird
CWE
CWE-693

Protection Mechanism Failure