CVE-2026-2803
published 2026-02-24CVE-2026-2803: Information disclosure, mitigation bypass in the Settings UI component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
Information disclosure, mitigation bypass in the Settings UI component. This vulnerability was fixed in Firefox 148 and Thunderbird 148.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 148.0-1 (sid) | firefox 148.0-1 (sid) |
| mozilla | firefox | < 148.0 | 148.0 |
| mozilla | firefox | — | — |
| mozilla | thunderbird | < 148.0 | 148.0 |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
osv7.5HIGH