Main Vulnerability Database Vulnerabilities #VU121207

#VU121207 Protection mechanism failure in Mozilla products - CVE-2026-0877

Published: January 13, 2026

Vulnerability identifier: #VU121207

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2026-0877

CWE-ID: CWE-693

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Firefox ESR
Mozilla Firefox
Firefox for Android

Software vendor:
Mozilla

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient implementation of security measures. An attacker can bypass implemented DOM security restrictions and execute arbitrary JavaScript code.

Remediation

Install updates from vendor's website.

External links

https://www.mozilla.org/en-US/security/advisories/mfsa2026-02/
https://www.mozilla.org/en-US/security/advisories/mfsa2026-01/
https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/

#VU121207 Protection mechanism failure in Mozilla products - CVE-2026-0877

Description

Remediation

External links

Please verify you're human