CVE-2026-8950: firefox: Same-origin policy bypass in the Networking: HTTP component

Severity: Critical

CVSS Score: 9.3

Same-origin policy bypass in the Networking: HTTP component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.