CVE-2026-8967
Description
Information disclosure in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An information disclosure vulnerability exists in Firefox and Thunderbird's WebGPU component, fixed in versions 151.
Vulnerability
An information disclosure vulnerability exists in the Graphics: WebGPU component of Firefox and Thunderbird. The bug allows an attacker to read potentially sensitive data from memory. Affected versions include Firefox prior to 151 and Thunderbird prior to 151 [1][2].
Exploitation
An attacker would need to entice a user to view specially crafted web content that triggers the WebGPU API. No further authentication or network position is required beyond the ability to serve a page to the victim [1].
Impact
Successful exploitation results in information disclosure, potentially leaking memory contents that could include sensitive user data [1].
Mitigation
The vulnerability is fixed in Firefox 151 and Thunderbird 151, released on May 19, 2026 [1][2]. Users should update to these versions or later.
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3- Range: <151
- Range: <151
- Range: <151
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- www.mozilla.org/security/advisories/mfsa2026-46/nvdVendor Advisory
- www.mozilla.org/security/advisories/mfsa2026-50/nvdVendor Advisory
- bugzilla.mozilla.org/show_bug.cginvdPermissions Required
News mentions
0No linked articles in our index yet.