EUVD-2026-37095
GHSA-j8xr-5v62-3rx4
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Primary rating from Vendor (mozilla) · only source for this CVE.
CVSS VectorVendor: mozilla
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
1DescriptionCVE.org
Same-origin policy bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.
Articles & Coverage 1
Analysis
Same-origin policy bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Threat intelligence, references, and detailed analysis are available after sign-in.
More from same product – last 7 days
Unauthenticated remote command execution in rclone's remote control daemon (rcd) affects versions 1.55.0 through 1.74.2
Security mitigation bypass in the DOM: Security component of Mozilla Firefox allows remote attackers to circumvent brows
Security mitigation bypass in the DOM: Security component of Mozilla Firefox prior to version 152 allows remote attacker
Privilege escalation in the WebRender graphics component of Mozilla Firefox enables remote attackers to elevate privileg
Origin validation failure in CyberArk's Idira Identity Browser Extension for Chrome, Firefox, and Edge (versions prior t
Share
External POC / Exploit Code
Leaving vuln.today