Main Vulnerability Database Vulnerabilities #VU123240

Protection mechanism failure in Mozilla Firefox and Firefox for Android - CVE-2026-2803

Published: February 25, 2026

Vulnerability identifier: #VU123240

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2026-2803

CWE-ID: CWE-693

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Mozilla

Affected software:
Mozilla Firefox
Firefox for Android

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient implementation of security measures in the Settings UI component. An attacker can bypass implemented security restrictions and gain access to sensitive information.

How to mitigate CVE-2026-2803

Install updates from vendor's website.

Sources

https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/

Protection mechanism failure in Mozilla Firefox and Firefox for Android - CVE-2026-2803

Detailed vulnerability description

How to mitigate CVE-2026-2803

Sources

Please verify you're human