CVE-2026-0877 - Vulnerability Details - OpenCVE

Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, and Firefox ESR < 140.7.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

No data.

References

Link	Providers
https://bugzilla.mozilla.org/show_bug.cgi?id=1999257
https://www.mozilla.org/security/advisories/mfsa2026-01/
https://www.mozilla.org/security/advisories/mfsa2026-02/
https://www.mozilla.org/security/advisories/mfsa2026-03/

History

Tue, 13 Jan 2026 16:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-693
Metrics		cvssV3_1 `{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 13 Jan 2026 14:00:00 +0000

Type	Values Removed	Values Added
Description		Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, and Firefox ESR < 140.7.
Title		Mitigation bypass in the DOM: Security component
References		https://bugzilla.mozilla.org/show_bug.cgi?id=1999257 https://www.mozilla.org/security/advisories/mfsa2026-01/ https://www.mozilla.org/security/advisories/mfsa2026-02/ https://www.mozilla.org/security/advisories/mfsa2026-03/

MITRE

Status: PUBLISHED

Assigner: mozilla

Published: 2026-01-13T13:30:52.979Z

Updated: 2026-01-13T15:26:15.125Z

Reserved: 2026-01-13T13:30:52.762Z

Link: CVE-2026-0877

Vulnrichment

Updated: 2026-01-13T15:25:37.265Z

NVD

Status : Received

Published: 2026-01-13T14:16:38.270

Modified: 2026-01-13T16:16:11.337

Link: CVE-2026-0877

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0877", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2026-01-13T13:30:52.762Z", "datePublished": "2026-01-13T13:30:52.979Z", "dateUpdated": "2026-01-13T15:26:15.125Z"}, "containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"lessThan": "147", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Firefox ESR", "vendor": "Mozilla", "versions": [{"lessThan": "115.32", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Firefox ESR", "vendor": "Mozilla", "versions": [{"lessThan": "140.7", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, and Firefox ESR < 140.7.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, and Firefox ESR < 140.7."}]}], "title": "Mitigation bypass in the DOM: Security component", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1999257"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-01/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-02/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-03/"}], "credits": [{"lang": "en", "value": "mingijung"}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-01-13T13:30:52.979Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-693", "lang": "en", "description": "CWE-693 Protection Mechanism Failure"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-01-13T15:24:18.449019Z", "id": "CVE-2026-0877", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-13T15:26:15.125Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-0877", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-13T15:24:18.449019Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-693", "description": "CWE-693 Protection Mechanism Failure"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-13T15:25:37.265Z"}}], "cna": {"title": "Mitigation bypass in the DOM: Security component", "credits": [{"lang": "en", "value": "mingijung"}], "affected": [{"vendor": "Mozilla", "product": "Firefox", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "147", "versionType": "custom"}]}, {"vendor": "Mozilla", "product": "Firefox ESR", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "115.32", "versionType": "custom"}]}, {"vendor": "Mozilla", "product": "Firefox ESR", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "140.7", "versionType": "custom"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1999257"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-01/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-02/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-03/"}], "descriptions": [{"lang": "en", "value": "Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, and Firefox ESR < 140.7.", "supportingMedia": [{"type": "text/html", "value": "Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, and Firefox ESR < 140.7.", "base64": false}]}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-01-13T13:30:52.979Z"}}}, "cveMetadata": {"cveId": "CVE-2026-0877", "state": "PUBLISHED", "dateUpdated": "2026-01-13T15:26:15.125Z", "dateReserved": "2026-01-13T13:30:52.762Z", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "datePublished": "2026-01-13T13:30:52.979Z", "assignerShortName": "mozilla"}, "dataVersion": "5.2"}