CVE-2026-2790 - Vulnerability Analysis

Overview

Firefox < 148 and Firefox ESR < 140.8 contain a same-origin policy bypass caused by a flaw in the Networking: JAR component, letting attackers bypass same-origin restrictions, exploit requires crafted web content.

Severity & Score

Impact

Attackers can bypass same-origin policy, potentially accessing sensitive data from other origins.

Mitigation

Update to Firefox 148, Firefox ESR 140.8 or later.

References

• https://www.mozilla.org/security/advisories/mfsa2026-13/
• https://www.mozilla.org/security/advisories/mfsa2026-15/
• https://www.mozilla.org/security/advisories/mfsa2026-16/
• https://www.mozilla.org/security/advisories/mfsa2026-17/
• https://bugzilla.mozilla.org/show_bug.cgi?id=2008426

Related Resources

• Vulnerability Intelligence Dashboard
• Credential Scanner