CVE Catalog

CVE-2026-2777

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.37%

28th percentile - higher than 28% of all known CVEs

Summary

A privilege escalation vulnerability exists in the Messaging System component of Firefox and Thunderbird. The flaw is fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Risk Assessment

An attacker could exploit this vulnerability to gain elevated privileges, potentially leading to unauthorized access to sensitive data or application compromise.

Recommendation

Immediately update Firefox to version 148 or later (or the appropriate ESR version) and Thunderbird to version 148 or 140.8.

Original NVD description (English source)

Privilege escalation in the Messaging System component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS