CVE-2026-8957

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 151 Firefox ESR versions prior to 140.11 Thunderbird versions prior to 151 Thunderbird versions prior to 140.11

Description Privilege escalation exists in the Enterprise Policies component.

Recommendations Update Firefox to version 151. Update Firefox ESR to version 140.11. Update Thunderbird to version 151. Update Thunderbird to version 140.11.

Fix

LPE

DoS

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

ALSA-2026:21378

ALSA-2026:21380

ALSA-2026:21381

ALSA-2026:21382

ALSA-2026:22325

ALSA-2026:22643

CVE-2026-8957

OESA-2026-2392

OESA-2026-2393

OESA-2026-2394

OESA-2026-2465

OPENSUSE-SU-2026:10813-1

OPENSUSE-SU-2026:10863-1

OPENSUSE-SU-2026:10864-1

Affected Products

Firefox

Rocky Linux

Thunderbird

CVE-2026-8957

Weakness Enumeration

Related Identifiers

Affected Products

References · 143