What is the CVSS score of EUVD-2026-30924?

EUVD-2026-30924 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Mozilla Firefox are affected by EUVD-2026-30924?

A privilege escalation vulnerability in Mozilla Firefox (CVE-2026-8972, CVSS 8.8) could allow attackers to gain elevated access within the browser when users visit malicious pages, potentially…. A patch is available.

Mozilla Firefox EUVD-2026-30924

| CVE-2026-8972 HIGH

Improper Privilege Management (CWE-269)

2026-05-19 mozilla

GHSA-96x7-hrvx-gqj6

Privilege Escalation Mozilla Suse

8.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

May 20, 2026 - 17:27 vuln.today

Severity Changed

May 20, 2026 - 17:22 NVD

MEDIUM HIGH

CVSS changed

May 20, 2026 - 17:22 NVD

6.5 (MEDIUM) 8.8 (HIGH)

CVE Published

May 19, 2026 - 12:30 nvd

UNKNOWN (no severity yet)

DescriptionNVD

Privilege escalation in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 151.

AnalysisAI

Privilege escalation in Mozilla Firefox's WebRTC Audio/Video component allows remote attackers to elevate privileges within the browser context when a user is lured into interacting with a malicious page. The flaw carries a CVSS 8.8 with required user interaction and was addressed in Firefox 151; no public exploit identified at time of analysis and EPSS exploitation probability sits at 0.03% (8th percentile).

RemediationAI

Within 24 hours: Audit Firefox installations across your environment using endpoint management tools to identify scope and affected users. Within 7 days: Deploy Firefox 151 or later to all endpoints using your patch management system. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory