CVE Catalog

CVE-2026-4692

CriticalCVSS 10.0
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.49%

38th percentile - higher than 38% of all known CVEs

Summary

A sandbox escape vulnerability exists in the Responsive Design Mode component. This flaw was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Risk Assessment

An attacker could exploit this vulnerability to break out of the browser sandbox and gain access to the underlying operating system, potentially leading to full device compromise or data theft.

Recommendation

Immediately update Firefox to version 149 or later, and Thunderbird to version 149 or 140.9. For ESR users, apply updates to 115.34 or 140.9 accordingly.

Original NVD description (English source)

Sandbox escape in the Responsive Design Mode component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS