CVE-2026-2777
CRITICAL WAF: Low
CVSS 9.8
Published: 2026-02-24
CWE-269
Privilege escalation in the Messaging System component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
WAF Coverage Analysis
Improper Privilege Management
Low WAF Coverage
OWASP: A01:2021 Broken Access Control
Affected Software
| Vendor | Product | Version |
|---|---|---|
| mozilla | firefox | up to 115.33.0 |
| mozilla | firefox | up to 148.0 |
| mozilla | firefox | 128.0 - 140.8.0 |
| mozilla | thunderbird | up to 140.8.0 |
| mozilla | thunderbird | up to 148.0 |
References
- bugzilla.mozilla.org (Issue Tracking, Permissions Required)
- www.mozilla.org (Vendor Advisory)
- www.mozilla.org (Vendor Advisory)
- www.mozilla.org (Vendor Advisory)
- www.mozilla.org (Vendor Advisory)
- www.mozilla.org (Vendor Advisory)