CVE-2026-2777
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk28th percentile - higher than 28% of all known CVEs
Summary
A privilege escalation vulnerability exists in the Messaging System component of Firefox and Thunderbird. The flaw is fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
Risk Assessment
An attacker could exploit this vulnerability to gain elevated privileges, potentially leading to unauthorized access to sensitive data or application compromise.
Recommendation
Immediately update Firefox to version 148 or later (or the appropriate ESR version) and Thunderbird to version 148 or 140.8.
Original NVD description (English source)
Privilege escalation in the Messaging System component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

