Privilege Escalation Vulnerability in Firefox Application Update Component
CVE-2026-8952

8.8HIGH

Key Information:

Vendor: Mozilla
Status: Firefox; Thunderbird
Vendor: CVE Published:; 19 May 2026

What is CVE-2026-8952?

A privilege escalation vulnerability was identified in the Application Update component of Firefox, allowing attackers to gain higher access levels than intended. This issue has been addressed in Firefox version 151 and poses a risk primarily to users of earlier versions. It is recommended that all users update to the latest version to mitigate any potential security threats.

Affected Version(s)

Firefox 151

Thunderbird 151

References

https://bugzilla.mozilla.org/show_bug.cgi?id=2021727

https://www.mozilla.org/security/advisories/mfsa2026-46/

https://www.mozilla.org/security/advisories/mfsa2026-50/

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 19, 2026
Vulnerability Reserved
May 19, 2026

Credit

Tomoya Nakanishi

CVE-2026-8952 Data

JSON

Mozilla

What is CVE-2026-8952?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit