Firefox Sandbox Escape via DOM Workers (pre-152, ESR 140.12, ESR 115.37)
CVE-2026-12294 Published on June 16, 2026
Sandbox escape in the DOM: Workers component
Sandbox escape in the DOM: Workers component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
Products Associated with CVE-2026-12294
stack.watch emails you whenever new vulnerabilities are published in Mozilla Firefox or Mozilla Thunderbird. Just hit a watch button to start following.
Affected Versions
Mozilla Firefox:- Version 115.37, <= 115.* is unaffected.
- Version 140.12, <= 140.* is unaffected.
- Version 152, <= * is unaffected.
- Version 140.12, <= 140.* is unaffected.
- Version 152, <= * is unaffected.