CVE-2026-2777
published 2026-02-24CVE-2026-2777: Privilege escalation in the Messaging System component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
Privilege escalation in the Messaging System component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 148.0-1 (sid) | firefox 148.0-1 (sid) |
| debian | firefox-esr | < firefox 148.0-1 (sid) | firefox 148.0-1 (sid) |
| debian | thunderbird | < firefox 148.0-1 (sid) | firefox 148.0-1 (sid) |
| mozilla | firefox | < 115.33.0 | 115.33.0 |
| mozilla | firefox | < 148.0 | 148.0 |
| mozilla | firefox | — | — |
| mozilla | firefox | >= 128.0 < 140.8.0 | 140.8.0 |
| mozilla | thunderbird | < 140.8.0 | 140.8.0 |
| mozilla | thunderbird | < 148.0 | 148.0 |
| mozilla | thunderbird | >= 0 < 1:140.8.0esr-1~deb11u1 | 1:140.8.0esr-1~deb11u1 |
| mozilla | thunderbird | >= 0 < 1:140.8.0esr-1~deb12u1 | 1:140.8.0esr-1~deb12u1 |
| mozilla | thunderbird | >= 0 < 1:140.8.0esr-1~deb13u1 | 1:140.8.0esr-1~deb13u1 |
| mozilla | thunderbird | >= 0 < 1:140.8.0esr-1 | 1:140.8.0esr-1 |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv9.8CRITICAL