CVE-2026-8970

Severity CVSS v4.0:
Pending analysis
Type:
CWE-269 Improper Privilege Management
Publication date:
19/05/2026
Last modified:
20/05/2026

Description

Privilege escalation in the Security component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:* 140.11.0 (excluding)
cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:* 151.0.0 (excluding)
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:* 140.11 (excluding)
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:* 151.0.0 (excluding)