ctipilot.ch

Mozilla Firefox DOM Navigation site-isolation bypass (public exploit code, no confirmed ITW); fixed 152.0.6

cve · CVE-2026-15719

Coverage timeline
1
first 2026-07-17 → last 2026-07-17
Peak priority
notable
1 notable
Sources cited
2
2 hosts
Sections touched
1
trending-vulnerabilities
Co-occurring entities
1
see Related entities below
ATT&CK techniques
2
pinned v19.1 · see below

Hunting pivots

ATT&CK techniques
Affected products
Mozilla Firefox

ATT&CK techniques

2 techniques observed across 1 entry — derived from entry metadata and body evidence, never asserted without a published entry behind it · pinned to MITRE ATT&CK v19.1 · compare on the matrix · Navigator layer (JSON)

Initial Access TA0001

T1189Drive-by Compromise×1

Adversaries may gain access to a system through a user visiting a website over the normal course of browsing. Multiple ways of delivering exploit code to a browser exist (i.e., Drive-by Target), including:

Evidence: 2026-07-17/firefox-152-0-6-wasm-site-isolation-public-exploit · ATT&CK page ↗

Execution TA0002

T1203Exploitation for Client Execution×1

Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.

Evidence: 2026-07-17/firefox-152-0-6-wasm-site-isolation-public-exploit · ATT&CK page ↗

Story timeline

  1. 2026-07-17Firefox 152.0.6 — chained WebAssembly memory-safety and DOM-navigation site-isolation flaws with public exploit code (CVE-2026-15718, CVE-2026-15719)
    trending-vulnerabilitiesMozilla patches a WebAssembly memory bug and a site-isolation bypass in Firefox 152.0.6 — exploit code is public, no confirmed in-the-wild abuse

Where this entity is cited

  • trending-vulnerabilities1

Source distribution

  • advisories.ncsc.nl1 (50%)
  • mozilla.org1 (50%)

Co-occurring entities

Derived — referenced by the same focused operational entries (weekly summaries and report roundups don't count); ×N counts the shared entries.

Entries about Mozilla Firefox DOM Navigation site-isolation bypass (public exploit code, no confirmed ITW); fixed 152.0.6 (1)

2026-07-17 · view entry permalink →

NOTABLECVE-2026-15718 +1NATOA2

Firefox 152.0.6 — chained WebAssembly memory-safety and DOM-navigation site-isolation flaws with public exploit code (CVE-2026-15718, CVE-2026-15719)

Mozilla released Firefox 152.0.6 on 2026-07-14 to fix two flaws NCSC-NL flagged on 2026-07-16 specifically because exploit code is public, which raises the likelihood of abuse (NCSC-NL, 2026-07-16). CVE-2026-15718 is an invalid-pointer memory-safety bug in the JavaScript engine's WebAssembly component; CVE-2026-15719 is a site-isolation bypass in the DOM Navigation component (Mozilla, 2026-07-14). The pairing matches the classic browser-exploit shape where a site-isolation bypass turns a memory-safety bug into cross-origin/sandbox-relevant code execution, needing only that a victim load a malicious page or a legitimate page serving a malicious ad. Severity ratings diverge across the primaries: Mozilla labels both flaws "Critical" impact, while NCSC-NL's CSAF record scores them CVSS 3.1 MEDIUM (CVE-2026-15718 base 4.3, CVE-2026-15719 base 5.4) — the individual base scores are moderate, and the operational concern is the chained code-execution potential plus the public exploit code, not a high CVSS. Crucially, Mozilla's own advisory text for both CVEs is explicit: "we are aware that exploit code for this is public however we are not aware of any attacks in the wild abusing this flaw" — so the accurate status is public PoC, not confirmed exploitation, and the "zero-day exploited in attacks" framing carried by at least one vulnerability-scanner blog overstates the primary source.

We are aware that exploit code for this is public however we are not aware of any attacks in the wild abusing this flaw.

Mozilla Foundation Security Advisory mfsa2026-67

Mozilla geeft aan dat exploitcode voor de kwetsbaarheden publiek beschikbaar is. Dit vergroot de kans op misbruik.

NCSC-NL (NCSC-2026-0242)
vulnerability17 Jul 04:35Zmulti-sourceOpen finding ↗