CVE-2026-2775
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk42th percentile - higher than 42% of all known CVEs
Summary
A vulnerability in the DOM: HTML Parser component allows mitigation bypass. The flaw was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
Risk Assessment
An attacker could exploit this vulnerability to bypass security mitigations in the browser or mail client, potentially leading to unauthorized actions in the user's context.
Recommendation
Immediately update Firefox to version 148 or later, and ESR versions to 115.33/140.8. Update Thunderbird to version 148 or 140.8.
Original NVD description (English source)
Mitigation bypass in the DOM: HTML Parser component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

