CVE-2026-4717

CWE-26612 documents9 sources

Severity

9.8CRITICAL

EPSS

0.0%

top 93.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Firefox ESR Mozilla Thunderbird

Timeline

PublishedMar 24

Description

Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages6 packages

▶CVEListV5mozilla/firefoxunspecified — 149

▶NVDmozilla/firefox< 140.9.0+1

▶CVEListV5mozilla/firefox_esrunspecified — 140.9

▶CVEListV5mozilla/thunderbirdunspecified — 149+1

▶Debianfirefox-esr< 140.9.0esr-1~deb11u1+3

🔴Vulnerability Details

OSV

CVE-2026-4717: Privilege escalation in the Netmonitor component↗2026-03-24

▶

GHSA

GHSA-pqfx-cwf8-965q: Privilege escalation in the Netmonitor component↗2026-03-24

▶

CVEList

Privilege escalation in the Netmonitor component↗2026-03-24

▶

📋Vendor Advisories

Red Hat

firefox: thunderbird: Privilege escalation in the Netmonitor component↗2026-03-24

▶

Debian

CVE-2026-4717: firefox - Privilege escalation in the Netmonitor component. This vulnerability affects Fir...↗2026

▶

Mozilla

Mozilla Foundation Security Advisory 2026-20: CVE-2026-4717↗

▶

Mozilla

Mozilla Foundation Security Advisory 2026-23: CVE-2026-4717↗

▶

Mozilla

Mozilla Foundation Security Advisory 2026-24: CVE-2026-4717↗

▶

🕵️Threat Intelligence

Wiz

CVE-2026-4717 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

💬Community

Bugzilla

CVE-2026-4717 firefox: thunderbird: Privilege escalation in the Netmonitor component↗2026-03-24

▶