What is GHSA-4c2h-7p75-v7hg?

GHSA-4c2h-7p75-v7hg is a security advisory published by GitHub Security Advisories with Medium severity. Firefox for iOS hosted Reader mode on an unauthenticated local web server, allowing another...

Which CVE IDs does GHSA-4c2h-7p75-v7hg cover?

GHSA-4c2h-7p75-v7hg covers the following CVE IDs: CVE-2026-8706. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-4c2h-7p75-v7hg?

GHSA-4c2h-7p75-v7hg has a CVSS v3 base score of 6.5, published by GitHub Security Advisories.

GHSA-4c2h-7p75-v7hgMediumCVSS 6.5

Firefox for iOS hosted Reader mode on an unauthenticated local web server, allowing another...

Vendor

GitHub Security Advisories

Published

May 19, 2026

Last Modified

May 19, 2026

🔗 CVE IDs covered (1)

CVE-2026-8706 →

📋 Description

Firefox for iOS hosted Reader mode on an unauthenticated local web server, allowing another application on the same device to request arbitrary URLs and receive the response rendered with the signed-in user's cookies. This vulnerability was fixed in Firefox for iOS 151.0.

🔗 References (4)

https://nvd.nist.gov/vuln/detail/CVE-2026-8706
https://bugzilla.mozilla.org/show_bug.cgi?id=2036618
https://www.mozilla.org/security/advisories/mfsa2026-49
https://github.com/advisories/GHSA-4c2h-7p75-v7hg