CVE-2026-8706 — Firefox for iOS hosted Reader mode on an unauthenticated local web server, allowing another application on the same device to request arbitrary URLs and receive the response rendered with the signed-i — CVE Database · The Intelligence Room