CVE-2026-0883

5.3 MEDIUM

📋 TL;DR

This CVE describes an information disclosure vulnerability in the Networking component of Mozilla products. It could allow an attacker to obtain sensitive information from affected browsers and email clients. Firefox, Firefox ESR, and Thunderbird below the versions listed under Affected Systems are affected.

💻 Affected Systems

Products:
  • Firefox
  • Firefox ESR
  • Thunderbird
Versions: Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, Thunderbird < 140.7
Operating Systems: Windows, Linux, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All standard installations are vulnerable if using affected versions.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Sensitive user data (browsing history, authentication tokens, or network traffic details) could be exfiltrated by a malicious actor.

🟠 Likely Case

Limited information leakage such as partial network metadata or configuration details that could aid further attacks.

🟢 If Mitigated

Minimal impact with proper network segmentation and updated software, though some information exposure may still occur.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation likely requires user interaction (visiting malicious site or opening malicious email).

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firefox 147+, Firefox ESR 140.7+, Thunderbird 147+, Thunderbird 140.7+

Vendor Advisory: https://www.mozilla.org/security/advisories/mfsa2026-01/

Restart Required: Yes

Instructions:

1. Open Firefox/Thunderbird.
2. Click menu → Help → About Firefox/Thunderbird.
3. Allow the automatic update check and installation.
4. Restart when prompted.

🔧 Temporary Workarounds

Disable JavaScript (platforms: all)

Reduces the attack surface by disabling JavaScript execution. Note that this breaks most modern websites, so treat it as a stopgap until the update is applied.

about:config → javascript.enabled = false

Use Content Security Policy (platforms: all)

Implement CSP headers to restrict network resource loading. A CSP header is set by the web server and only governs the pages it is served with, so this protects visitors to sites you operate rather than hardening the browser in general.

Content-Security-Policy: default-src 'self'

🧯 If You Can't Patch

  • Restrict network access using firewall rules to limit exposure.
  • Use browser isolation or sandboxing technologies to contain potential data leakage.

🔍 How to Verify

Check if Vulnerable:

Check browser/email client version against affected ranges.

Check Version:

firefox --version or thunderbird --version

Verify Fix Applied:

Confirm version is at or above patched versions: Firefox 147+, Firefox ESR 140.7+, Thunderbird 147+, Thunderbird 140.7+.
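As an added example (not part of the Mozilla advisory or this page's original content), the following shell script parses a `firefox --version` or `thunderbird --version` line and classifies it against the fixed versions listed above (147 on the release branch, 140.7 on the 140/ESR line). The exact text the binaries print, e.g. "Mozilla Firefox 147.0" or "Mozilla Firefox 140.6.0esr", is an assumption.

```shell
#!/bin/sh
# Added example, not from the Mozilla advisory: classify a `--version` line
# against the CVE-2026-0883 fixed builds given on this page (147 on the
# rapid-release branch, 140.7 on the 140 / ESR line). The output format
# "Mozilla Firefox 147.0" / "Mozilla Firefox 140.6.0esr" / "Thunderbird 140.7.0esr"
# is an assumption about what the binaries print.

# Print the dotted version (with optional "esr" suffix) found in a --version line.
extract_version() {
    printf '%s\n' "$1" | sed -n 's/.*[[:space:]]\([0-9][0-9.]*\(esr\)*\).*/\1/p'
}

# is_patched "<--version line>": exit 0 if the build carries the fix,
# 1 if it falls in an affected range, 2 if no version could be parsed.
is_patched() {
    ver=$(extract_version "$1")
    [ -n "$ver" ] || return 2
    num=${ver%esr}              # drop the ESR suffix; the numbers decide
    major=${num%%.*}
    rest=${num#"$major"}; rest=${rest#.}
    minor=${rest%%.*}
    [ -n "$minor" ] || minor=0  # a bare "148" has no minor component
    # Fixed in 147+ (release) and in 140.7+ (140 / ESR line); everything
    # inside this page's ranges (< 147, < 140.7) is affected.
    if [ "$major" -ge 147 ]; then return 0; fi
    if [ "$major" -eq 140 ] && [ "$minor" -ge 7 ]; then return 0; fi
    return 1
}

# check_installed <firefox|thunderbird>: run the real binary and report.
check_installed() {
    bin=$1
    command -v "$bin" >/dev/null 2>&1 || { echo "$bin: not installed"; return 2; }
    line=$("$bin" --version 2>/dev/null | head -n 1)
    is_patched "$line"; rc=$?
    case $rc in
        0) echo "$bin: $line (patched)" ;;
        1) echo "$bin: $line (AFFECTED by CVE-2026-0883, update required)" ;;
        *) echo "$bin: could not parse a version from '$line'" ;;
    esac
    return $rc
}

# Usage: sh check_mozilla.sh firefox thunderbird
for b in "$@"; do check_installed "$b" || :; done
```

The version parsing is deliberately lenient so the same function can be fed lines collected from endpoint inventory tools rather than only the local binary.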

📡 Detection & Monitoring

Log Indicators:

  • Unusual network connections from browser processes
  • Unexpected data transfers

Network Indicators:

  • Suspicious outbound connections to unknown domains
  • Anomalous data exfiltration patterns

SIEM Query:

(source="firefox.log" OR source="thunderbird.log") AND (event="network_error" OR event="connection_refused")
