EUVD-2026-30908
GHSA-83v4-m9qr-xgp9
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionNVD
Privilege escalation in the Enterprise Policies component. This vulnerability was fixed in Firefox 151 and Firefox ESR 140.11.
AnalysisAI
Privilege escalation in the Enterprise Policies component of Mozilla Firefox affects versions prior to Firefox 151 and Firefox ESR 140.11, allowing remote attackers who can convince a user to interact with crafted content to elevate privileges within the browser. No public exploit identified at time of analysis, and EPSS scoring places exploitation probability at just 0.03% (9th percentile). …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: Inventory current Firefox and Firefox ESR versions across the organization. Within 7 days: Deploy Firefox 151+ and Firefox ESR 140.11+ through standard patch management; prioritize high-privilege user endpoints. …
Sign in for detailed remediation steps.
More from same product – last 7 days
SQL injection in Pimcore's CustomReportsBundle (versions ≤ 12.3.5) lets an authenticated user holding the reports_config
Command injection in the shell-quote npm package allows attackers who can influence object-token inputs to inject arbitr
Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers
Vendor StatusVendor
Share
External POC / Exploit Code
Leaving vuln.today