PT-2026-21724 · Mozilla · Firefox+2

Surya Dev Singh

·

Published

2026-01-01

·

Updated

2026-03-18

·

CVE-2026-2791

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 148 Firefox ESR versions prior to 140.8 Thunderbird versions prior to 148 Thunderbird versions prior to 140.8
Description A mitigation bypass exists in the Networking: Cache component. This issue may allow bypassing existing security measures.
Recommendations Update Firefox to version 148 or later. Update Firefox ESR to version 140.8 or later. Update Thunderbird to version 148 or later. Update Thunderbird to version 140.8 or later.

Fix

Authentication Bypass Using an Alternate Path or Channel

Weakness Enumeration

CWE-288

Related Identifiers

ALSA-2026:3338
ALSA-2026:3339
ALSA-2026:3361
ALSA-2026:3515
ALSA-2026:3516
ALSA-2026:3517
CVE-2026-2791
MGASA-2026-0052
MGASA-2026-0053
OESA-2026-1471
OESA-2026-1472
OESA-2026-1473
OESA-2026-1474
OESA-2026-1539
OESA-2026-1540
OPENSUSE-SU-2026:10242-1
OPENSUSE-SU-2026:10248-1
OPENSUSE-SU-2026:10257-1
OPENSUSE-SU-2026:20365-1
OPENSUSE-SU-2026:20391-1
RHSA-2026:3338
RHSA-2026:3339
RHSA-2026:3361
RHSA-2026:3491
RHSA-2026:3492
RHSA-2026:3493
RHSA-2026:3494
RHSA-2026:3495
RHSA-2026:3496
RHSA-2026:3497
RHSA-2026:3515
RHSA-2026:3516
RHSA-2026:3517
RHSA-2026:3976
RHSA-2026:3978
RHSA-2026:3979
RHSA-2026:3980
RHSA-2026:3981
RHSA-2026:3982
RHSA-2026:3983
RHSA-2026:3984
RHSA-2026:4022
RHSA-2026:4152
RHSA-2026:4260
RHSA-2026:4432
SUSE-SU-2026:0812-1
SUSE-SU-2026:0871-1
SUSE-SU-2026:0880-1

Affected Products

Firefox
Firefox Esr
Thunderbird