Sandbox escape CVE-2026-2776 in Firefox <148 via Telemetry boundary
CVE-2026-2776 Published on February 24, 2026

Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software
Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, and Firefox ESR < 140.8.

NVD

Products Associated with CVE-2026-2776

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2026-2776 are published in these products:

Mozilla Firefox

Mozilla FireFox Extended Support Release (ESR)

Affected Versions

Mozilla Firefox:

Version unspecified and below 148 is affected.

Mozilla Firefox ESR:

Version unspecified and below 115.33 is affected.

Mozilla Firefox ESR:

Version unspecified and below 140.8 is affected.

Mozilla Thunderbird:

Version unspecified and below 148 is affected.

Mozilla Thunderbird:

Version unspecified and below 140.8 is affected.

Sandbox escape CVE-2026-2776 in Firefox <148 via Telemetry boundaryCVE-2026-2776 Published on February 24, 2026

Products Associated with CVE-2026-2776

Affected Versions

Sandbox escape CVE-2026-2776 in Firefox <148 via Telemetry boundary
CVE-2026-2776 Published on February 24, 2026