CVE-2026-0888
Description
Information disclosure in the XML component. This vulnerability was fixed in Firefox 147 and Thunderbird 147.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Information disclosure in the XML component of Mozilla Firefox and Thunderbird, fixed in version 147.
Vulnerability Description
CVE-2026-0888 is an information disclosure vulnerability affecting the XML component of Mozilla Firefox and Thunderbird. The root cause is not publicly detailed, but it allows unintended exposure of information.
Exploitation
In general, these flaws cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but they are potential risks in browser or browser-like contexts [1]. The exact attack vector is not specified, but it likely requires processing a crafted XML document.
Impact
Successful exploitation could lead to information disclosure, potentially revealing sensitive data to an attacker. The CVSS v3 base score is 5.3 (Medium).
Mitigation
Mozilla has addressed this vulnerability in Firefox 147 and Thunderbird 147 [1][2]. Users are advised to update to these versions immediately. No workarounds have been reported.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
Patches (0)
No patches discovered yet.
References (3)
- www.mozilla.org/security/advisories/mfsa2026-01/ (nvd, Vendor Advisory)
- www.mozilla.org/security/advisories/mfsa2026-04/ (nvd, Vendor Advisory)
- bugzilla.mozilla.org/show_bug.cgi (nvd, Permissions Required)