← volver
CVE-2026-8706

Sensitive user data could be leaked to other applications through Reader mode

CVSS 6.5 MEDIUMEPSS 0.2%CWE-200CWE-306
Firefox for iOS hosted Reader mode on an unauthenticated local web server, allowing another application on the same device to request arbitrary URLs and receive the response rendered with the signed-in user's cookies. This vulnerability was fixed in Firefox for iOS 151.0.
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Productos afectados
Mozilla · Firefox for iOS

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://bugzilla.mozilla.org/show_bug.cgi?id=2036618https://www.mozilla.org/security/advisories/mfsa2026-49/