Firefox allows unauthorized data access

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

6.5

Firefox allows unauthorized data access

CVE-2026-3846

Summary

A weakness in Firefox's CSS parsing allows malicious websites to access sensitive information from other websites. This could put your online accounts and data at risk. Update Firefox to version 148.0.2 or later to fix this issue.

Original title

Same-origin policy bypass in the CSS Parsing and Computation component. This vulnerability affects Firefox < 148.0.2.

Original description

Same-origin policy bypass in the CSS Parsing and Computation component. This vulnerability affects Firefox < 148.0.2.

osv CVSS3.1 6.5

https://www.mozilla.org/security/advisories/mfsa2026-19/ Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=2018400 Third Party Advisory

Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 13 Mar 2026