Main Vulnerability Database Vulnerabilities #VU121207

Protection mechanism failure in Mozilla products - CVE-2026-0877

Published: January 13, 2026

Vulnerability identifier: #VU121207

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2026-0877

CWE-ID: CWE-693

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Mozilla

Affected software:
Firefox ESR
Mozilla Firefox
Firefox for Android

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient implementation of security measures. An attacker can bypass implemented DOM security restrictions and execute arbitrary JavaScript code.

How to mitigate CVE-2026-0877

Install updates from vendor's website.

Sources

https://www.mozilla.org/en-US/security/advisories/mfsa2026-02/
https://www.mozilla.org/en-US/security/advisories/mfsa2026-01/
https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/

Protection mechanism failure in Mozilla products - CVE-2026-0877

Detailed vulnerability description

How to mitigate CVE-2026-0877

Sources

Please verify you're human