Mozilla Foundation Security Advisory 2026-49

Security Vulnerabilities fixed in Firefox for iOS 151.0

Announced

May 19, 2026

Impact

high

Products

Firefox for iOS

Fixed in

Firefox for iOS 151

#CVE-2026-8706: Sensitive user data could be leaked to other applications through Reader mode

Reporter: Muneaki Nishimura
Impact: high

Description

Firefox for iOS hosted Reader mode on an unauthenticated local web server, allowing another application on the same device to request arbitrary URLs and receive the response rendered with the signed-in user's cookies.

References

Bug 2036618

Firefox browsers

Mozilla VPN

Mozilla Monitor

Firefox Relay

MDN Plus

Thunderbird

Solo

0DIN

Tabstack

About Mozilla

The Mozilla Manifesto

Get Involved

Blog

Mozilla Foundation

Mozilla.ai

Mozilla Ventures

Mozilla Advertising

Mozilla Builders

Mozilla New Products