8.8
CVE-2026-8952
- EPSS 0.37%
- Veröffentlicht 19.05.2026 12:29:45
- Zuletzt bearbeitet 20.05.2026 17:16:29
- Quelle security@mozilla.org
- CVE-Watchlists
- Unerledigt
Privilege escalation in the Application Update component
Privilege escalation in the Application Update component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mozilla ≫ Thunderbird Version < 151.0.0
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.37% | 0.29 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
https://www.mozilla.org/security/advisories/mfsa2026-46/
https://bugzilla.mozilla.org/show_bug.cgi?id=2021727
https://www.mozilla.org/security/advisories/mfsa2026-50/