CVE-2026-2777
CRITICAL WAF: Low
CVSS 9.8
Published: 2026-02-24
CWE-269
Privilege escalation in the Messaging System component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
WAF Coverage Analysis
Improper Privilege Management
Low WAF Coverage
OWASP: A01:2021 Broken Access Control
Affected Software
| Vendor | Product | Version |
|---|---|---|
| mozilla | firefox | up to 115.33.0 |
| mozilla | firefox | up to 148.0 |
| mozilla | firefox | 128.0 - 140.8.0 |
| mozilla | thunderbird | up to 140.8.0 |
| mozilla | thunderbird | up to 148.0 |
References
- bugzilla.mozilla.org (Issue Tracking, Permissions Required)
- www.mozilla.org (Vendor Advisory)
- www.mozilla.org (Vendor Advisory)
- www.mozilla.org (Vendor Advisory)
- www.mozilla.org (Vendor Advisory)
- www.mozilla.org (Vendor Advisory)