← volver
CVE-2026-8706

Sensitive user data could be leaked to other applications through Reader mode

CVSS 6.5 MEDIUMEPSS 0.2%CWE-200CWE-306
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 6.5EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
19 may 2026Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Firefox for iOS hosted Reader mode on an unauthenticated local web server, allowing another application on the same device to request arbitrary URLs and receive the response rendered with the signed-in user's cookies. This vulnerability was fixed in Firefox for iOS 151.0.
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Productos afectados
Mozilla · Firefox for iOS