{"cve":{"cve_id":"CVE-2026-8706","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.00192,"epss_percentile":0.08945,"epss_as_of":"2026-06-23","description":"Firefox for iOS hosted Reader mode on an unauthenticated local web server, allowing another application on the same device to request arbitrary URLs and receive the response rendered with the signed-in user's cookies. This vulnerability was fixed in Firefox for iOS 151.0.","published_at":"2026-05-19T14:27:38.483000Z","last_modified_at":null,"cvss_v3_score":6.5,"cvss_v3_vector":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","cvss_v3_severity":"MEDIUM","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":["CWE-306","CWE-200"],"nvd_references":["https://bugzilla.mozilla.org/show_bug.cgi?id=2036618","https://www.mozilla.org/security/advisories/mfsa2026-49/"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:31:10.151094Z"},"effective_severity":"MEDIUM","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"A","value_label":"Adjacent"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"N","value_label":"None"},{"metric":"A","name":"Availability","value":"N","value_label":"None"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"mozilla","vendor_name":"Mozilla","product_slug":"firefox-for-ios","product_name":"Firefox for iOS","version_start":"151.0","version_start_inclusive":true,"version_end":"*","version_end_inclusive":true,"cpe23_uri":"cve5:mozilla:firefox-for-ios:151.0:*"}],"exploit_refs":[],"news":[],"references":[{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2036618","source_type":"MISC","tags":[]},{"url":"https://www.mozilla.org/security/advisories/mfsa2026-49/","source_type":"VENDOR_ADVISORY","tags":["advisory"]}],"timeline":[{"type":"published","at":"2026-05-19T14:27:38.483000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:56:22.639448Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:56:22.639448Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:56:22.639448Z","label":"CVSS score revised","source":"cvelistv5"}]}