CVE-2026-0888
published 2026-01-13CVE-2026-0888: Information disclosure in the XML component. This vulnerability was fixed in Firefox 147 and Thunderbird 147.
medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
Information disclosure in the XML component. This vulnerability was fixed in Firefox 147 and Thunderbird 147.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 147.0-1 (sid) | firefox 147.0-1 (sid) |
| mozilla | firefox | < 147.0 | 147.0 |
| mozilla | firefox | — | — |
| mozilla | thunderbird | < 147.0 | 147.0 |
CVSS provenance
nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
osv5.3MEDIUM