Firefox DOM Navigation site-isolation flaw with public exploit code
A site-isolation flaw in Firefox's DOM Navigation component. Mozilla notes exploit code is public but no in-the-wild attacks are confirmed. Fixed in Firefox 152.0.6.
- Vendor
- Mozilla
- Product
- Firefox (pre-152.0.6)
- CVSS
- 5.4
- EPSS (exploit probability)
- N/A
- Status
- patched
- Published
CVE-2026-15719 is a site-isolation flaw in the DOM Navigation component of Firefox. Mozilla’s advisory carries the same disclosure as the sibling CVE-2026-15718: “We are aware that exploit code for this is public however we are not aware of any attacks in the wild abusing this flaw.” NVD scores it 5.4 (medium). The urgency is the exploit-code status, not the base score.
The fix ships in Firefox 152.0.6. See the Mozilla Foundation Security Advisories index for the corresponding MFSA and confirm managed Firefox instances have relaunched into the patched build.
Full coverage: Firefox exploit code public; Chrome, Adobe patch same day.
