Firefox Form Autofill Spoofing CVE-2026-8961 (fixed in 151/ESR 140.11): CVE-2026-8961 May 2026

Firefox Form Autofill Spoofing CVE-2026-8961 (fixed in 151/ESR 140.11)
CVE-2026-8961 Published on May 19, 2026

Spoofing issue in the Form Autofill component
Spoofing issue in the Form Autofill component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

Vulnerability Analysis

CVE-2026-8961 can be exploited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

REQUIRED

Scope:

UNCHANGED

Confidentiality Impact:

NONE

Integrity Impact:

HIGH

Availability Impact:

NONE

Weakness Type

Authentication Bypass by Spoofing

This attack-focused weakness is caused by improperly implemented authentication schemes that are subject to spoofing attacks.

Products Associated with CVE-2026-8961

stack.watch emails you whenever new vulnerabilities are published in Mozilla Firefox or Mozilla Thunderbird. Just hit a watch button to start following.

Affected Versions

Version 140.11, <= 140.* is unaffected.

Version 151, <= * is unaffected.

Version 140.11, <= 140.* is unaffected.

Version 151, <= * is unaffected.

Firefox Form Autofill Spoofing CVE-2026-8961 (fixed in 151/ESR 140.11)CVE-2026-8961 Published on May 19, 2026

Vulnerability Analysis

Weakness Type

Authentication Bypass by Spoofing

Products Associated with CVE-2026-8961

Affected Versions

Firefox Form Autofill Spoofing CVE-2026-8961 (fixed in 151/ESR 140.11)
CVE-2026-8961 Published on May 19, 2026