CVE-2026-4687

HIGH mozilla NVD

CVSS Score 8.6

Severity HIGH

Published Mar 24, 2026

Vendor mozilla

Description

Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=2016368
https://www.mozilla.org/security/advisories/mfsa2026-20/
https://www.mozilla.org/security/advisories/mfsa2026-21/
https://www.mozilla.org/security/advisories/mfsa2026-22/
https://www.mozilla.org/security/advisories/mfsa2026-23/