CVE Catalog

CVE-2026-2775

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.55%

42th percentile - higher than 42% of all known CVEs

Summary

A vulnerability in the DOM: HTML Parser component allows mitigation bypass. The flaw was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Risk Assessment

An attacker could exploit this vulnerability to bypass security mitigations in the browser or mail client, potentially leading to unauthorized actions in the user's context.

Recommendation

Immediately update Firefox to version 148 or later, and ESR versions to 115.33/140.8. Update Thunderbird to version 148 or 140.8.

Original NVD description (English source)

Mitigation bypass in the DOM: HTML Parser component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS