CVE-2026-9308EPSS p5.2%

CVE-2026-9308CVE-2026-9308

mozilla / firefox

Description

Firefox for iOS Reader View replaced page content in its HTML template before replacing other internal placeholders. A malicious page could include a placeholder string that was later substituted with JSON-LD data, potentially resulting in arbitrary JavaScript execution. This vulnerability was fixed in Firefox for iOS 151.2.

Scoring

CVSS 5.4 ()
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
EPSS0.16% probability of exploitation · percentile 5.2% · 2026-06-19T12:03:05Z
Last modified2026-06-03

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-9309
CVE
CVE-2026-2634
CVE
CVE-2026-9950
CVE
CVE-2026-9955
CVE
CVE-2026-9971
CVE
CVE-2026-10896
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.