Firefox and Thunderbird Settings UI allows unauthorized access to sensitive data

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.5

Firefox and Thunderbird Settings UI allows unauthorized access to sensitive data

CVE-2026-2803

Summary

Older versions of Firefox and Thunderbird have a security flaw in their Settings UI. This means that an attacker could potentially access sensitive information without permission. To protect yourself, update to the latest version of Firefox or Thunderbird.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
mozilla	firefox	<= 148.0	–
mozilla	thunderbird	<= 148.0	–

Original title

Information disclosure, mitigation bypass in the Settings UI component. This vulnerability affects Firefox < 148 and Thunderbird < 148.

Original description

Information disclosure, mitigation bypass in the Settings UI component. This vulnerability affects Firefox < 148 and Thunderbird < 148.

nvd CVSS3.1 7.5

Vulnerability type

CWE-200 Information Exposure

CWE-693 Protection Mechanism Failure

https://bugzilla.mozilla.org/show_bug.cgi?id=2012012 Permissions Required
https://www.mozilla.org/security/advisories/mfsa2026-13/ Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2026-16/ Vendor Advisory

Published: 24 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026