EUVD-2026-30902
GHSA-hrqc-vwff-62mj
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionNVD
Privilege escalation in the Application Update component. This vulnerability was fixed in Firefox 151.
AnalysisAI
Privilege escalation in Mozilla Firefox via the Application Update component allows remote attackers to gain elevated privileges when a user interacts with malicious content, fixed in Firefox 151. The flaw carries a CVSS 3.1 score of 8.8 (AV:N/AC:L/PR:N/UI:R) and is categorized under CWE-269 (Improper Privilege Management). …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: Inventory all Firefox installations organization-wide and document current versions. Within 7 days: Restrict user download and execution of untrusted content; communicate the vulnerability to end users; consider temporarily disabling automatic Firefox updates pending vendor patch release. …
Sign in for detailed remediation steps.
More from same product – last 7 days
SQL injection in Pimcore's CustomReportsBundle (versions ≤ 12.3.5) lets an authenticated user holding the reports_config
Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers
Vendor StatusVendor
Share
External POC / Exploit Code
Leaving vuln.today