CVE-2026-8966
Description
Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Information disclosure in the IP Protection component of Firefox and Thunderbird, fixed in version 151.
Vulnerability
This vulnerability affects the IP Protection component of Firefox and Thunderbird. It allows for information disclosure. The affected versions are prior to Firefox 151 and Thunderbird 151. The IP Protection component is a privacy feature, and this flaw could expose user data [1], [2].
Exploitation
An attacker can exploit this vulnerability without any special privileges. The vulnerability is reachable by a malicious actor who can trigger the IP Protection component to leak information, possibly through a crafted web page or other network-based attack. No user interaction beyond normal browsing is required [1].
Impact
Successful exploitation leads to information disclosure, potentially revealing sensitive user data such as browsing activity or IP addresses to an attacker. The impact is rated as high severity with a CVSS v3 score of 7.5 [1].
Mitigation
The vulnerability is fixed in Firefox 151 and Thunderbird 151, released on May 19, 2026. Users should update to these versions. No workarounds are available. There is no indication that this CVE is listed in the KEV catalog [1], [2].
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3- Range: <151
- Range: <151
- Range: <151
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- www.mozilla.org/security/advisories/mfsa2026-46/nvdVendor Advisory
- www.mozilla.org/security/advisories/mfsa2026-50/nvdVendor Advisory
- bugzilla.mozilla.org/show_bug.cginvdPermissions Required
News mentions
0No linked articles in our index yet.