PatchSiren cyber security CVE debrief
CVE-2026-0877 Mozilla CVE debrief
CVE-2026-0877 is a high-severity vulnerability in Mozilla's Firefox, Firefox ESR, and Thunderbird products. This mitigation bypass issue in the DOM: Security component was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7. The vulnerability has a CVSS score of 8.1 and is considered HIGH. It allows attackers to bypass mitigations in the DOM: Security component, potentially leading to unauthorized access and data breaches. Users of affected products should update to the latest versions to mitigate this vulnerability.
- Vendor: Mozilla
- Product: Firefox
- CVSS: HIGH 8.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-01-13
- Original CVE updated: 2026-06-30
- Advisory published: 2026-01-13
- Advisory updated: 2026-06-30
Who should care
Organizations and individuals using Mozilla's Firefox, Firefox ESR, and Thunderbird products should prioritize updating to the latest versions to mitigate this vulnerability. This is particularly important for high-severity vulnerabilities like CVE-2026-0877, which could lead to significant security risks if exploited. IT teams and cybersecurity professionals should ensure that all instances of affected products are updated promptly.
Technical summary
CVE-2026-0877 is a mitigation bypass vulnerability in the DOM: Security component of Mozilla's products. It was publicly disclosed on January 13, 2026, and the record was last modified on June 30, 2026. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N, which rates as high severity: the issue is reachable over the network with low attack complexity and no privileges, requires user interaction, and carries high confidentiality and integrity impact with no availability impact. The vulnerability affects multiple products, including Firefox, Firefox ESR, and Thunderbird. Successful exploitation could allow attackers to bypass security mitigations, potentially leading to unauthorized access and data breaches.
Defensive priority
High priority should be given to updating affected products to the latest versions. Organizations should ensure that all instances of Firefox, Firefox ESR, and Thunderbird are updated to versions 147, 115.32, 140.7, or later, as applicable. This vulnerability's high severity and potential impact on security make it a critical task for IT teams and cybersecurity professionals.
Recommended defensive actions
- Update Firefox to version 147 or later
- Update Firefox ESR to version 115.32 or later
- Update Firefox ESR to version 140.7 or later
- Update Thunderbird to version 147 or later
- Update Thunderbird to version 140.7 or later
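The version thresholds above can be checked across an inventory with a short script. This is an added example, not code from Mozilla or from the original page; the product keys, the grouping of fixed versions by major branch, the handling of branches the page does not list, and the sample inventory are assumptions made for illustration.

```python
import re

# Fixed versions listed on this page, keyed by product and major branch.
# The product keys and the grouping by major version are assumptions.
FIXED = {
    "firefox": {147: (147,)},
    "firefox-esr": {115: (115, 32), 140: (140, 7)},
    "thunderbird": {140: (140, 7), 147: (147,)},
}


def parse_version(text):
    """Turn '140.6.0esr' or '147.0' into a tuple of ints such as (140, 6, 0)."""
    match = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not match:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in match.group(0).split("."))


def status(product, version_text):
    """Return 'patched' or 'needs-update' for one installed product."""
    branches = FIXED[product]
    version = parse_version(version_text)
    major = version[0]
    if major in branches:
        return "patched" if version >= branches[major] else "needs-update"
    # Assumption: releases newer than the newest fixed branch carry the fix.
    # Branches with no fixed release listed on this page (for example an ESR
    # branch between 115 and 140) are reported as needing an update.
    return "patched" if major > max(branches) else "needs-update"


def triage(inventory):
    """Return (host, product, version) rows that still need an update."""
    return [row for row in inventory if status(row[1], row[2]) != "patched"]


# Constructed sample inventory (hypothetical hosts, not real data).
SAMPLE_INVENTORY = [
    ("ws-01", "firefox", "147.0"),
    ("ws-02", "firefox", "146.0.1"),
    ("ws-03", "firefox-esr", "140.6.0esr"),
    ("ws-04", "firefox-esr", "115.32.0esr"),
    ("ws-05", "firefox-esr", "128.14.0esr"),
    ("ws-06", "thunderbird", "140.7.0esr"),
]

if __name__ == "__main__":
    for host, product, version in triage(SAMPLE_INVENTORY):
        print(f"{host}: {product} {version} needs update")
```

Feed it the product and version strings your endpoint management tool already reports; the ESR branch comparison is the part a plain "greater than 115.32" check gets wrong for 140.x installs.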
Evidence notes
The CVE-2026-0877 vulnerability was publicly disclosed on January 13, 2026, with a CVSS score of 8.1 and a HIGH severity rating. The vulnerability affects multiple Mozilla products, including Firefox, Firefox ESR, and Thunderbird. The CVE record and NVD detail provide comprehensive information about the vulnerability, including its CVSS vector and affected products. Multiple vendor advisories and references are available, including those from Mozilla and Red Hat.
Official resources
- CVE-2026-0877 CVE record (CVE.org)
- CVE-2026-0877 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference: [email protected] - Permissions Required
- Mitigation or vendor reference: [email protected] - Vendor Advisory
- Mitigation or vendor reference: [email protected] - Vendor Advisory
- Mitigation or vendor reference: [email protected] - Vendor Advisory
- Mitigation or vendor reference: [email protected] - Vendor Advisory
- Mitigation or vendor reference: [email protected] - Vendor Advisory
- Source reference: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
This article is AI-assisted and based on the supplied source corpus.