Security Advisory

CVE-2026-8706

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-05-19 14:27:38

Last updated 2026-05-19 17:12:23

Assigner mozilla

State PUBLISHED

Description

Firefox for iOS hosted Reader mode on an unauthenticated local web server, allowing another application on the same device to request arbitrary URLs and receive the response rendered with the signed-in users cookies. This vulnerability was fixed in Firefox for iOS 151.0.

← Browse all CVEs View on cve.org ↗