CVE-2026-9309 – Arbitrary JavaScript execution in internal pages via Reader View JSON-LD injection

CVE ID :CVE-2026-9309

Published : June 1, 2026, 1:16 p.m. | 1 hour, 16 minutes ago

Description :Firefox for iOS Reader View did not properly escape HTML tags in JSON-LD metadata. A malicious page could inject markup that changed Reader View behavior and leaked sensitive URL parameters. These parameters could then be used to access internal pages, potentially resulting in arbitrary JavaScript execution in an internal origin. This vulnerability was fixed in Firefox for iOS 151.2.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-9308 – Arbitrary JavaScript execution in Reader View due to wrong HTML replacement order

CVE-2026-34193 – GPU DDK – Arbitrary write via UFO updates due insufficient pointer validation in rgxfw_to_ptr()

CVE-2026-10532 – Logback deserialization whitelist bypass for Proxy objects

CVE-2026-10258 – itsourcecode Content Management System add_sub_topic.php sql injection