CVE-2026-2780 — Improper Privilege Management in Mozilla Firefox

CWE-269 — Improper Privilege Management12 documents9 sources

Severity

9.8CRITICALNVD

EPSS

0.0%

top 96.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Thunderbird Mozilla Firefox

Timeline

PublishedFeb 24

Description

Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶NVDmozilla/firefox< 140.8.0+1

▶NVDmozilla/thunderbird< 140.8.0+1

▶Debianmozilla/thunderbird< 1:140.8.0esr-1~deb11u1+3

🔴Vulnerability Details

GHSA

GHSA-839v-3vpr-fpgf: Privilege escalation in the Netmonitor component↗2026-02-24

▶

OSV

CVE-2026-2780: Privilege escalation in the Netmonitor component↗2026-02-24

▶

CVEList

Privilege escalation in the Netmonitor component↗2026-02-24

▶

📋Vendor Advisories

Red Hat

firefox: thunderbird: Privilege escalation in the Netmonitor component↗2026-02-24

▶

Debian

CVE-2026-2780: firefox - Privilege escalation in the Netmonitor component. This vulnerability affects Fir...↗2026

▶

Mozilla

Mozilla Foundation Security Advisory 2026-13: CVE-2026-2780↗

▶

Mozilla

Mozilla Foundation Security Advisory 2026-17: CVE-2026-2780↗

▶

Mozilla

Mozilla Foundation Security Advisory 2026-16: CVE-2026-2780↗

▶

🕵️Threat Intelligence

Wiz

CVE-2026-2780 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

💬Community

Bugzilla

CVE-2026-2780 firefox: thunderbird: Privilege escalation in the Netmonitor component↗2026-02-24

▶