Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Browser flaw triggered by loading malicious web content (AV:N, AC:L, PR:N, UI:R); WebRender privilege escalation yields high C/I/A within the browser process without crossing a security authority (S:U).
Primary rating from Vendor (mozilla).
CVSS vector (vendor: mozilla): CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Description (source: CVE.org)
Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37.
Analysis (AI-generated)
Privilege escalation in the WebRender graphics component of Mozilla Firefox enables remote attackers to elevate privileges within the browser sandbox when a victim loads malicious web content. Mozilla has patched the issue in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37, and no public exploit has been identified at time of analysis.
Attack chain (AI-derived): hypothetical attack flow derived from CVE metadata; visualization not reproduced here.
Vulnerability Assessment (AI-generated)
| Aspect | Assessment |
| --- | --- |
| Exploitation | Exploitation requires a victim using an unpatched Firefox or Firefox ESR build (prior to 152, 140.12, or 115.37) to load attacker-controlled web content rendered via the WebRender graphics pipeline. The CVSS vector specifies UI:R, meaning user interaction such as visiting a page or clicking a link is required. … |
| Risk Assessment | The CVSS 3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) reflects a high-impact, network-reachable issue requiring only that a user visit or interact with a malicious page, a realistic scenario for a browser. … |
| Exploit Scenario | An attacker hosts a malicious webpage containing crafted graphics or CSS content that exercises the vulnerable WebRender code path; when a victim visits the page or is lured via a phishing link, the page triggers the privilege management flaw and elevates the attacker's code beyond its expected rendering-context privileges, typically as a stepping stone toward sandbox escape. No public PoC has been identified at time of analysis, but the AC:L/UI:R profile makes this a realistic component of a browser exploit chain. |
| Remediation | Vendor-released patch: upgrade to Firefox 152, Firefox ESR 140.12, or Firefox ESR 115.37 as documented in Mozilla advisories MFSA-2026-57, MFSA-2026-58, and MFSA-2026-59. … |
Recommended Action (AI-generated)
Within 24 hours: Identify all systems running Firefox versions earlier than 152, ESR 140.12, or ESR 115.37. …
External POC / Exploit Code
EUVD-2026-37080
GHSA-pp33-f8rg-g2pq