CVE-2026-2777 — Improper Privilege Management in Mozilla Firefox

CWE-269 — Improper Privilege Management13 documents9 sources

Severity

9.8CRITICALNVD

EPSS

0.1%

top 80.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Thunderbird Mozilla Firefox

Timeline

PublishedFeb 24

Description

Privilege escalation in the Messaging System component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶NVDmozilla/firefox128.0 — 140.8.0+2

▶NVDmozilla/thunderbird< 140.8.0+1

▶Debianmozilla/thunderbird< 1:140.8.0esr-1~deb11u1+3

🔴Vulnerability Details

GHSA

GHSA-hjq8-wc3q-9xf3: Privilege escalation in the Messaging System component↗2026-02-24

▶

CVEList

Privilege escalation in the Messaging System component↗2026-02-24

▶

OSV

CVE-2026-2777: Privilege escalation in the Messaging System component↗2026-02-24

▶

📋Vendor Advisories

Red Hat

firefox: thunderbird: Privilege escalation in the Messaging System component↗2026-02-24

▶

Debian

CVE-2026-2777: firefox - Privilege escalation in the Messaging System component. This vulnerability affec...↗2026

▶

Mozilla

Mozilla Foundation Security Advisory 2026-17: CVE-2026-2777↗

▶

Mozilla

Mozilla Foundation Security Advisory 2026-14: CVE-2026-2777↗

▶

Mozilla

Mozilla Foundation Security Advisory 2026-16: CVE-2026-2777↗

▶

🕵️Threat Intelligence

Wiz

CVE-2026-2777 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

💬Community

Bugzilla

CVE-2026-2777 firefox: thunderbird: Privilege escalation in the Messaging System component↗2026-02-24

▶