CVE-2026-44658
Zen Browser: RSS Live-Folder Item URLs Are Not Scheme-Restricted Before Trusted Tab Creation
CVSS Score
2.4
EPSS Score
0.0%
EPSS Percentile
0th
Zen is a firefox-based browser. Prior to 1.19.12b, RSS feed URLs entered by the user are validated to http: or https: in promptForFeedUrl, but item links inside the feed are not subject to the same restriction. The provider maps each RSS/Atom item link into item.url, filters only for presence and date, and returns the item list. The live-folder manager later creates pinned lazy tabs from these values with gBrowser.addTrustedTab(item.url, ...). This vulnerability is fixed in 1.19.12b.
| CWE | CWE-20 |
| Vendor | zen-browser |
| Product | desktop |
| Published | May 11, 2026 |
| Last Updated | May 11, 2026 |
Stay Ahead of the Next One
Get instant alerts for zen-browser desktop
Be the first to know when new low vulnerabilities affecting zen-browser desktop are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None
Affected Versions
zen-browser / desktop
< 1.19.12b