Fluid Attacks Database

Description

Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel6	firefox	-	-
debian 14	firefox-esr	=128.13.0esr-1 \|\| =128.14.0esr-1 \|\| =128.14.0esr-1~deb11u1 \|\| =128.14.0esr-1~deb12u1 \|\| =128.14.0esr-1~deb13u1 \|\| =140.3.0esr-1 \|\| =140.3.0esr-1~deb11u1 \|\| =140.3.0esr-1~deb11u2 \|\| =140.3.0esr-1~deb12u1 \|\| =140.3.0esr-1~deb13u1 \|\| =140.3.0esr-2 \|\| =140.3.1esr-1 \|\| =140.3.1esr-1~deb11u1 \|\| =140.3.1esr-1~deb12u1 \|\| =140.3.1esr-1~deb13u1 \|\| =140.3.1esr-2 \|\| =140.4.0esr-1 \|\| =140.4.0esr-1~deb11u1 \|\| =140.4.0esr-1~deb12u1 \|\| =140.4.0esr-1~deb13u1 \|\| =140.5.0esr-1 \|\| =140.5.0esr-1~deb11u1 \|\| =140.5.0esr-1~deb12u1 \|\| =140.5.0esr-1~deb13u1 \|\| =140.6.0esr-1 \|\| =140.6.0esr-1~deb11u1 \|\| =140.6.0esr-1~deb12u1 \|\| =140.6.0esr-1~deb13u1 \|\| =140.7.0esr-1 \|\| =140.7.0esr-1~deb11u1 \|\| =140.7.0esr-1~deb12u1 \|\| =140.7.0esr-1~deb13u1 \|\| =140.8.0esr-1 \|\| =140.8.0esr-1~deb11u1 \|\| =140.8.0esr-1~deb12u1 \|\| =140.8.0esr-1~deb13u1 \|\| =140.9.0esr-1~deb11u1 \|\| =140.9.0esr-1~deb12u1 \|\| =140.9.0esr-1~deb13u1 \|\| >=0 <140.9.0esr-1	140.9.0esr-1
rpm rhel7	thunderbird	-	-
debian 13	firefox-esr	=128.13.0esr-1 \|\| =128.14.0esr-1 \|\| =128.14.0esr-1~deb11u1 \|\| =128.14.0esr-1~deb12u1 \|\| =128.14.0esr-1~deb13u1 \|\| =140.3.0esr-1 \|\| =140.3.0esr-1~deb11u1 \|\| =140.3.0esr-1~deb11u2 \|\| =140.3.0esr-1~deb12u1 \|\| =140.3.0esr-1~deb13u1 \|\| =140.3.0esr-2 \|\| =140.3.1esr-1 \|\| =140.3.1esr-1~deb11u1 \|\| =140.3.1esr-1~deb12u1 \|\| =140.3.1esr-1~deb13u1 \|\| =140.3.1esr-2 \|\| =140.4.0esr-1 \|\| =140.4.0esr-1~deb11u1 \|\| =140.4.0esr-1~deb12u1 \|\| =140.4.0esr-1~deb13u1 \|\| =140.5.0esr-1 \|\| =140.5.0esr-1~deb11u1 \|\| =140.5.0esr-1~deb12u1 \|\| =140.5.0esr-1~deb13u1 \|\| =140.6.0esr-1 \|\| =140.6.0esr-1~deb11u1 \|\| =140.6.0esr-1~deb12u1 \|\| =140.6.0esr-1~deb13u1 \|\| =140.7.0esr-1 \|\| =140.7.0esr-1~deb11u1 \|\| =140.7.0esr-1~deb12u1 \|\| =140.7.0esr-1~deb13u1 \|\| =140.8.0esr-1 \|\| =140.8.0esr-1~deb11u1 \|\| =140.8.0esr-1~deb12u1 \|\| =140.8.0esr-1~deb13u1 \|\| =140.9.0esr-1~deb11u1 \|\| =140.9.0esr-1~deb12u1 \|\| >=0 <140.9.0esr-1~deb13u1	140.9.0esr-1~deb13u1
rpm rhel9	thunderbird	<0:140.9.0-1.el9_7	0:140.9.0-1.el9_7
rpm rhel8	thunderbird	<0:140.9.0-1.el8_10	0:140.9.0-1.el8_10
rpm rhel10	firefox	<0:140.9.0-1.el10_1	0:140.9.0-1.el10_1
rpm rhel10	thunderbird-flatpak	-	-
rpm rhel9.4	firefox	<0:140.9.0-1.el9_4	0:140.9.0-1.el9_4
debian 13	thunderbird	=1:128.13.0esr-1 \|\| =1:128.14.0esr-1 \|\| =1:128.14.0esr-1~deb11u1 \|\| =1:128.14.0esr-1~deb12u1 \|\| =1:128.14.0esr-1~deb13u1 \|\| =1:129.0~b6-1 \|\| =1:130.0~b3-1 \|\| =1:132.0~b6-1 \|\| =1:135.0-1 \|\| =1:136.0-1 \|\| =1:137.0-1 \|\| =1:138.0-1 \|\| =1:140.0.1esr-1 \|\| =1:140.1.0esr-1 \|\| =1:140.1.1esr-1 \|\| =1:140.2.0esr-1 \|\| =1:140.3.0esr-1 \|\| =1:140.3.0esr-1~deb11u1 \|\| =1:140.3.0esr-1~deb12u1 \|\| =1:140.3.0esr-1~deb13u1 \|\| =1:140.3.1esr-1 \|\| =1:140.4.0esr-1 \|\| =1:140.4.0esr-1~deb11u1 \|\| =1:140.4.0esr-1~deb12u1 \|\| =1:140.4.0esr-1~deb13u1 \|\| =1:140.5.0esr-1 \|\| =1:140.5.0esr-1~deb11u1 \|\| =1:140.5.0esr-1~deb12u1 \|\| =1:140.5.0esr-1~deb13u1 \|\| =1:140.6.0esr-1 \|\| =1:140.6.0esr-1~deb11u1 \|\| =1:140.6.0esr-1~deb12u1 \|\| =1:140.6.0esr-1~deb13u1 \|\| =1:140.7.0esr-1 \|\| =1:140.7.0esr-1~deb11u1 \|\| =1:140.7.0esr-1~deb12u1 \|\| =1:140.7.0esr-1~deb13u1 \|\| =1:140.7.1esr-1 \|\| =1:140.7.1esr-1~deb11u1 \|\| =1:140.7.1esr-1~deb12u1 \|\| =1:140.7.1esr-1~deb13u1 \|\| =1:140.8.0esr-1 \|\| =1:140.8.0esr-1~deb11u1 \|\| =1:140.8.0esr-1~deb12u1 \|\| =1:140.8.0esr-1~deb13u1 \|\| =1:140.9.0esr-1~deb11u1 \|\| =1:140.9.0esr-1~deb12u1 \|\| >=0 <1:140.9.0esr-1~deb13u1	1:140.9.0esr-1~deb13u1

1-10 of 27

Aliases

1. CVE-2026-47172. NVD-2026-47173. OSV-2026-47174. OSV-DEBIAN-2026-47175. SECURITY-TRACKER-CVE-2026-4717

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.