Security Vulnerability Report
中文
CVE-2026-6761 CVSS 8.8 HIGH

CVE-2026-6761

Published: 2026-04-21 13:16:22
Last Modified: 2026-04-22 14:56:13
Source: [email protected]

Description

Privilege escalation in the Networking component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

CVSS Details

CVSS Score
8.8
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:* - VULNERABLE
cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:* - VULNERABLE
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:* - VULNERABLE
Firefox < 150
Firefox ESR < 140.10
Thunderbird < 150
Thunderbird < 140.10

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
<!-- Proof of Concept for CVE-2026-6761 --> <!-- This script attempts to trigger the privilege escalation vulnerability --> <!-- in the Networking component of Firefox/Thunderbird versions < 150 --> <html> <body> <h1>CVE-2026-6761 PoC Test</h1> <script> // Attempt to exploit the networking component try { // Simulate the specific networking call that triggers the flaw var vulnerableRequest = new XMLHttpRequest(); vulnerableRequest.open('GET', 'exploit_trigger_endpoint', true); vulnerableRequest.send(); console.log("Exploit triggered. Check for privilege escalation."); } catch (e) { console.log("Exploit failed or patched."); } </script> </body> </html>

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-6761", "sourceIdentifier": "[email protected]", "published": "2026-04-21T13:16:22.040", "lastModified": "2026-04-22T14:56:13.180", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Privilege escalation in the Networking component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-269"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*", "versionEndExcluding": "140.10.0", "matchCriteriaId": "15AF037C-5C86-48EB-B1DE-3AC100A34596"}, {"vulnerable": true, "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*", "versionEndExcluding": "150.0", "matchCriteriaId": "67B01D49-66FA-4C76-9EB4-2B8CD61FBEB2"}, {"vulnerable": true, "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*", "versionEndExcluding": "140.10.0", "matchCriteriaId": "48217E2F-FFD3-4385-B962-15365B293DA7"}]}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2017857", "source": "[email protected]", "tags": ["Permissions Required"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-30/", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-32/", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-33/", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://www.mozilla.org/security/advisories/mfsa2026-34/", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.