Privilege Escalation in Firefox Enterprise Policies Component
CVE-2026-8957

8.8HIGH

Key Information:

Vendor: Mozilla
Status: Firefox; Thunderbird
Vendor: CVE Published:; 19 May 2026

What is CVE-2026-8957?

This vulnerability exists within the Enterprise Policies component of Firefox, allowing unauthorized users to escalate privileges. This security flaw may enable a malicious actor to gain elevated access, compromising system integrity and user data. The issue has been addressed in the latest versions of Firefox, specifically Firefox 151 and Firefox ESR 140.11, where adequate security measures have been implemented to mitigate this risk effectively.

Affected Version(s)

Firefox 140.11

Firefox 151

Thunderbird 140.11

References

https://bugzilla.mozilla.org/show_bug.cgi?id=2033850

https://www.mozilla.org/security/advisories/mfsa2026-46/

https://www.mozilla.org/security/advisories/mfsa2026-48/

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 19, 2026
Vulnerability Reserved
May 19, 2026

Credit

Mateusz Dobrzyński

CVE-2026-8957 Data

JSON

Mozilla

What is CVE-2026-8957?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit