Low severity2.4NVD Advisory· Published May 11, 2026· Updated May 13, 2026
CVE-2026-44658
CVE-2026-44658
Description
Zen is a firefox-based browser. Prior to 1.19.12b, RSS feed URLs entered by the user are validated to http: or https: in promptForFeedUrl, but item links inside the feed are not subject to the same restriction. The provider maps each RSS/Atom item link into item.url, filters only for presence and date, and returns the item list. The live-folder manager later creates pinned lazy tabs from these values with gBrowser.addTrustedTab(item.url, ...). This vulnerability is fixed in 1.19.12b.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <1.19.12b
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.