CVE-2026-9308 – Arbitrary JavaScript execution in Reader View due to wrong HTML replacement order

CVE ID :CVE-2026-9308

Published : June 1, 2026, 1:16 p.m. | 1 hour, 16 minutes ago

Description :Firefox for iOS Reader View replaced page content in its HTML template before replacing other internal placeholders. A malicious page could include a placeholder string that was later substituted with JSON-LD data, potentially resulting in arbitrary JavaScript execution. This vulnerability was fixed in Firefox for iOS 151.2.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-8931 – Critical RCE vulnerability in Disig Web Signer

CVE-2026-48879 – WordPress AIWU plugin

CVE-2026-48866 – WordPress Gravity Forms plugin

CVE-2026-48865 – WordPress LearnPress plugin