CVE-2026-2775 - Vulnerability Analysis
CriticalCVSS: 9.8Last Updated: February 25, 2026
Firefox - Mitigation Bypass
Published: February 24, 2026Updated: February 25, 2026Remote Exploitable
Overview
Firefox < 148, Firefox ESR < 115.33, and Firefox ESR < 140.8 contain a mitigation bypass caused by flaws in the DOM HTML Parser component, letting attackers bypass security mitigations, exploit requires crafted HTML content.
Severity & Score
Severity: Critical
CVSS Score: 9.8
Impact
Attackers can bypass security mitigations, potentially enabling further attacks like code execution or information disclosure.
Mitigation
Update to Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8 or later versions.
References
- https://www.mozilla.org/security/advisories/mfsa2026-17/
- https://bugzilla.mozilla.org/show_bug.cgi?id=2015199
- https://www.mozilla.org/security/advisories/mfsa2026-13/
- https://www.mozilla.org/security/advisories/mfsa2026-14/
- https://www.mozilla.org/security/advisories/mfsa2026-15/
- https://www.mozilla.org/security/advisories/mfsa2026-16/
Related Resources
Details
- CVE ID
- CVE-2026-2775
- Severity
- Critical
- CVSS Score
- 9.8
- Type
- undefined
- Status
- confirmed
CWE
- NVD-CWE-noinfo
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H