PT-2026-21717 · Mozilla · Firefox+2

D. Santos

Publicado

2026-01-01

Atualizado

2026-03-18

CVE-2026-2784

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 148 Firefox ESR versions prior to 140.8 Thunderbird versions prior to 148 Thunderbird versions prior to 140.8

Description A mitigation bypass exists in the DOM within the Security component. This issue impacts Firefox and Thunderbird.

Recommendations Update Firefox to version 148 or later. Update Firefox ESR to version 140.8 or later. Update Thunderbird to version 148 or later. Update Thunderbird to version 140.8 or later.

Correção

Authentication Bypass Using an Alternate Path or Channel

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-288

Identificadores relacionados

ALSA-2026:3338

ALSA-2026:3339

ALSA-2026:3361

ALSA-2026:3515

ALSA-2026:3516

ALSA-2026:3517

CVE-2026-2784

MGASA-2026-0052

MGASA-2026-0053

OESA-2026-1471

OESA-2026-1472

OESA-2026-1473

OESA-2026-1474

OESA-2026-1539

OESA-2026-1540

OPENSUSE-SU-2026:10242-1

OPENSUSE-SU-2026:10248-1

OPENSUSE-SU-2026:10257-1

OPENSUSE-SU-2026:20365-1

OPENSUSE-SU-2026:20391-1

RHSA-2026:3338

RHSA-2026:3339

RHSA-2026:3361

RHSA-2026:3491

RHSA-2026:3492

RHSA-2026:3493

RHSA-2026:3494

RHSA-2026:3495

RHSA-2026:3496

RHSA-2026:3497

RHSA-2026:3515

RHSA-2026:3516

RHSA-2026:3517

RHSA-2026:3976

RHSA-2026:3978

RHSA-2026:3979

RHSA-2026:3980

RHSA-2026:3981

RHSA-2026:3982

RHSA-2026:3983

RHSA-2026:3984

RHSA-2026:4022

RHSA-2026:4152

RHSA-2026:4260

RHSA-2026:4432

SUSE-SU-2026:0812-1

SUSE-SU-2026:0871-1

SUSE-SU-2026:0880-1

Produtos afetados

Firefox

Firefox Esr

Thunderbird

PT-2026-21717 · Mozilla · Firefox+2

CVE-2026-2784

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 260