{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24868", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2026-01-27T15:11:51.077Z", "datePublished": "2026-01-27T15:58:48.472Z", "dateUpdated": "2026-04-13T13:53:06.118Z"}, "containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "147.0.2", "lessThanOrEqual": "*", "versionType": "rpm"}]}], "descriptions": [{"lang": "en", "value": "Mitigation bypass in the Privacy: Anti-Tracking component. This vulnerability was fixed in Firefox 147.0.2.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Mitigation bypass in the Privacy: Anti-Tracking component. This vulnerability was fixed in Firefox 147.0.2."}]}], "title": "Mitigation bypass in the Privacy: Anti-Tracking component", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2007302"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-06/"}], "credits": [{"lang": "en", "value": "Masato Kinugawa"}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T13:53:06.118Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-693", "lang": "en", "description": "CWE-693 Protection Mechanism Failure"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-02-06T20:20:26.407316Z", "id": "CVE-2026-24868", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-06T20:20:29.530Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-24868", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-06T20:20:26.407316Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-693", "description": "CWE-693 Protection Mechanism Failure"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-28T19:35:55.945Z"}}], "cna": {"title": "Mitigation bypass in the Privacy: Anti-Tracking component", "credits": [{"lang": "en", "value": "Masato Kinugawa"}], "affected": [{"vendor": "Mozilla", "product": "Firefox", "versions": [{"status": "unaffected", "version": "147.0.2", "versionType": "rpm", "lessThanOrEqual": "*"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2007302"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-06/"}], "descriptions": [{"lang": "en", "value": "Mitigation bypass in the Privacy: Anti-Tracking component. This vulnerability was fixed in Firefox 147.0.2.", "supportingMedia": [{"type": "text/html", "value": "Mitigation bypass in the Privacy: Anti-Tracking component. This vulnerability was fixed in Firefox 147.0.2.", "base64": false}]}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T13:53:06.118Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24868", "state": "PUBLISHED", "dateUpdated": "2026-04-13T13:53:06.118Z", "dateReserved": "2026-01-27T15:11:51.077Z", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "datePublished": "2026-01-27T15:58:48.472Z", "assignerShortName": "mozilla"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*", "matchCriteriaId": "21090562-C94F-4894-A700-FD3BDEE56713", "versionEndExcluding": "147.0.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Mitigation bypass in the Privacy: Anti-Tracking component. This vulnerability was fixed in Firefox 147.0.2."}, {"lang": "es", "value": "Omisi\u00f3n de mitigaci\u00f3n en el componente de Privacidad: Anti-Rastreo. Esta vulnerabilidad afecta a Firefox < 147.0.2."}], "id": "CVE-2026-24868", "lastModified": "2026-04-13T15:17:19.340", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-01-27T16:16:36.173", "references": [{"source": "security@mozilla.org", "tags": ["Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2007302"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2026-06/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-693"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "firefox: Mitigation bypass in the Privacy: Anti-Tracking component", "id": "2433429", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433429"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "status": "draft"}, "details": ["No description is available for this CVE."], "name": "CVE-2026-24868", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "rhel10/firefox-flatpak", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-01-27T15:58:48Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-24868\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-24868\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=2007302\nhttps://www.mozilla.org/security/advisories/mfsa2026-06/"], "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "threat_severity": "Moderate"}

{"analysis": {"en": {"generated_at": "2026-04-15T15:36:30.225278+00:00", "value": {"mitigation_remediation": ["Upgrade Firefox to version 147.0.2 or later", "Ensure Firefox automatic updates are enabled to receive the fix promptly", "Review Mozilla security advisories regularly and apply updates as they become available"], "summary": {"action": "Patch Immediately", "impact": "Bypass of anti\u2011tracking privacy controls"}, "threat_synthesis": {"affected_systems": "Mozilla Firefox on all versions prior to 147.0.2 is affected. The fix was released in Firefox 147.0.2. No other products or versions are listed in the CVE data.", "description_and_impact": "The vulnerability is a mitigation bypass in Firefox's Privacy: Anti\u2011Tracking component. It allows malicious content or users to disable or circumvent the anti\u2011tracking enforcement, potentially undermining the browser\u2019s privacy protections. This flaw is categorized as a Security Misconfiguration (CWE\u2011693).", "risk_and_exploitability": "CVSS v3.1 score 6.5 indicates moderate severity. EPSS <1% suggests a low probability of exploitation at the time of analysis. The vulnerability is not in the CISA KEV catalog. Attack vector is not explicitly stated in the CVE; based on the limited description it is inferred that local or remote exploitation via crafted web content or malicious user interaction may be possible. No additional privileges or conditions are identified in the provided data."}}}}, "created": "2026-01-28T12:22:39.849275+00:00", "updated": "2026-04-15T18:00:15.538796+00:00", "vendors": ["mozilla", "mozilla$PRODUCT$firefox"]}