CVE-2026-2780
published 2026-02-24CVE-2026-2780: Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 148.0-1 (sid) | firefox 148.0-1 (sid) |
| debian | firefox-esr | < firefox 148.0-1 (sid) | firefox 148.0-1 (sid) |
| debian | thunderbird | < firefox 148.0-1 (sid) | firefox 148.0-1 (sid) |
| mozilla | firefox | < 140.8.0 | 140.8.0 |
| mozilla | firefox | < 148.0 | 148.0 |
| mozilla | firefox | — | — |
| mozilla | thunderbird | < 140.8.0 | 140.8.0 |
| mozilla | thunderbird | < 148.0 | 148.0 |
| mozilla | thunderbird | >= 0 < 1:140.8.0esr-1~deb11u1 | 1:140.8.0esr-1~deb11u1 |
| mozilla | thunderbird | >= 0 < 1:140.8.0esr-1~deb12u1 | 1:140.8.0esr-1~deb12u1 |
| mozilla | thunderbird | >= 0 < 1:140.8.0esr-1~deb13u1 | 1:140.8.0esr-1~deb13u1 |
| mozilla | thunderbird | >= 0 < 1:140.8.0esr-1 | 1:140.8.0esr-1 |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv9.8CRITICAL