PatchSiren

CVE-2026-0877 Mozilla CVE debrief

CVE-2026-0877 is a high-severity mitigation bypass in the DOM: Security component of Mozilla's Firefox, Firefox ESR, and Thunderbird products. It has a CVSS score of 8.1 (HIGH) and was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7. The flaw allows attackers to bypass mitigations in the DOM: Security component, potentially leading to unauthorized access and data breaches. Users of affected products should update to the latest versions to mitigate this vulnerability.

Vendor: Mozilla
Product: Firefox
CVSS: HIGH 8.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-01-13
Original CVE updated: 2026-06-30
Advisory published: 2026-01-13
Advisory updated: 2026-06-30

Who should care

Organizations and individuals using Mozilla's Firefox, Firefox ESR, and Thunderbird products should prioritize updating to the latest versions to mitigate this vulnerability. This is particularly important for high-severity vulnerabilities like CVE-2026-0877, which could lead to significant security risks if exploited. IT teams and cybersecurity professionals should ensure that all instances of affected products are updated promptly.

Technical summary

CVE-2026-0877 is a mitigation bypass vulnerability in the DOM: Security component of Mozilla's products. The vulnerability was publicly disclosed on January 13, 2026, and the record was last modified on June 30, 2026. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N: the attack is network-reachable, low in complexity, needs no privileges, and requires user interaction, with high impact on confidentiality and integrity and no impact on availability. The vulnerability affects multiple products, including Firefox, Firefox ESR, and Thunderbird. Successful exploitation could allow attackers to bypass security mitigations, potentially leading to unauthorized access and data breaches.

Defensive priority

High priority should be given to updating affected products to the latest versions. Organizations should ensure that all instances are at a fixed version or later: Firefox 147, Firefox ESR 115.32 or 140.7, and Thunderbird 147 or 140.7, as applicable to the installed release line. The vulnerability's high severity and potential impact on security make this update a critical task for IT teams and cybersecurity professionals.

Recommended defensive actions

  • Update Firefox to version 147 or later
  • Update Firefox ESR to version 115.32 or later
  • Update Firefox ESR to version 140.7 or later
  • Update Thunderbird to version 147 or later
  • Update Thunderbird to version 140.7 or later
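One way to check an inventory against the fixed versions listed above, added here as an example (it is not PatchSiren or Mozilla code). The host names, the inventory rows, and the status labels are constructed for illustration, and the handling of an "esr" version suffix is an assumption about how inventories record ESR builds.

```python
import re

# Fixed versions as listed on this page: {product: {major branch: first fixed}}.
# The key None is the rapid-release line rather than a numbered ESR branch.
FIXED = {
    "firefox": {None: (147, 0)},
    "firefox esr": {115: (115, 32), 140: (140, 7)},
    "thunderbird": {140: (140, 7), None: (147, 0)},
}

def parse_version(text):
    """Return (major, minor) from strings such as '140.6.1esr' or '147.0'."""
    m = re.match(r"(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return int(m.group(1)), int(m.group(2) or 0)

def patch_status(product, version):
    name = product.strip().lower()
    # Assumption: some inventories record ESR builds as "Firefox" plus an "esr" suffix.
    if name == "firefox" and version.strip().lower().endswith("esr"):
        name = "firefox esr"
    branches = FIXED.get(name)
    if branches is None:
        return "not-in-scope"
    ver = parse_version(version)
    if ver[0] in branches:
        # Compare inside the branch only: ESR 140.3 sorts above 115.32 yet lacks the fix.
        return "patched" if ver >= branches[ver[0]] else "update-required"
    if ver >= max(branches.values()):
        return "patched"  # assumption: releases past the newest listed fix include it
    # An ESR major with no fixed release listed here cannot be patched in place.
    return "update-required" if None in branches else "unsupported-branch"

# Constructed sample inventory: (host, product, version).
INVENTORY = [
    ("ws-01", "Firefox", "146.0.1"),
    ("ws-02", "Firefox", "140.3.0esr"),
    ("ws-03", "Firefox ESR", "115.32.0esr"),
    ("ws-04", "Firefox ESR", "128.14.0esr"),
    ("ws-05", "Thunderbird", "140.7.0esr"),
    ("ws-06", "Thunderbird", "145.0"),
]

def audit(rows):
    """Return (host, status) pairs for every inventory row."""
    return [(host, patch_status(product, ver)) for host, product, ver in rows]

if __name__ == "__main__":
    for host, status in audit(INVENTORY):
        print(f"{host}\t{status}")
```

A host reported as unsupported-branch is on an ESR major for which this page lists no fixed release, so it has to move to one of the fixed branches rather than take a point update.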

Evidence notes

The CVE-2026-0877 vulnerability was publicly disclosed on January 13, 2026, with a CVSS score of 8.1 and a HIGH severity rating. The vulnerability affects multiple Mozilla products, including Firefox, Firefox ESR, and Thunderbird. The CVE record and NVD detail provide comprehensive information about the vulnerability, including its CVSS vector and affected products. Multiple vendor advisories and references are available, including those from Mozilla and Red Hat.

This article is AI-assisted and based on the supplied source corpus.