Description
Privilege escalation in the Networking component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
Published: 2026-04-21
Score: 8.8 High
EPSS: n/a
KEV: No
Impact: Privilege Escalation
Action: Patch
AI Analysis

Impact

The flaw resides in the Networking component of Mozilla Firefox and allows an attacker to increase their privileges on the host system. The vulnerability is known to have been remedied in Firefox version 150 and Firefox ESR 140.10, indicating that the flaw was functional and worthy of a security update.

Affected Systems

All installations of Mozilla Firefox running any release older than version 150 and all Firefox ESR builds older than build 140.10 are impacted. Versions 150 and later or ESR 140.10 and later contain the fix, rendering those and later releases immune to this specific privilege escalation. The vulnerability affects only the Firefox product family identified by the CNA.

Risk and Exploitability

No CVSS or EPSS score is supplied, and the flaw is not catalogued in the CISA KEV list, so the precise severity and likelihood of exploitation are not quantified in the available data. The description does not specify the attack vector; it is inferred that exploitation could involve local or remote activities that target the Networking component, but this inference is only based on the component name, not on explicit documentation.

Generated by OpenCVE AI on April 22, 2026 at 03:16 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to Firefox 150 or newer, or to Firefox ESR 140.10 or newer, to obtain the vendor‑issued fix.
  • If an upgrade cannot be performed immediately, mitigate exposure by limiting the network traffic that the machine can receive, restricting untrusted connections to the affected system.
  • Consider disabling or restricting the Networking component via policy or configuration until the update is applied to reduce the risk pathway for an attacker.

Generated by OpenCVE AI on April 22, 2026 at 03:16 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 22 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
Description Privilege escalation in the Networking component. This vulnerability was fixed in Firefox 150 and Firefox ESR 140.10. Privilege escalation in the Networking component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
Weaknesses CWE-269
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 21 Apr 2026 17:00:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla
Mozilla firefox
Vendors & Products Mozilla
Mozilla firefox

Tue, 21 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
Description Privilege escalation in the Networking component. This vulnerability was fixed in Firefox 150 and Firefox ESR 140.10.
Title Privilege escalation in the Networking component
References

Subscriptions

Mozilla Firefox
cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2026-04-21T23:34:53.817Z

Reserved: 2026-04-21T12:40:55.759Z

Link: CVE-2026-6761

cve-icon Vulnrichment

Updated: 2026-04-21T17:53:00.479Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-04-21T13:16:22.040

Modified: 2026-04-22T00:16:32.140

Link: CVE-2026-6761

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-22T03:30:06Z

Weaknesses