Firefox <149 Sandbox Escape via Telemetry Boundary Conditions
CVE-2026-4687 Published on March 24, 2026

Sandbox escape due to incorrect boundary conditions in the Telemetry component
Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

NVD

Products Associated with CVE-2026-4687

Want to know whenever a new CVE is published for Mozilla products? stack.watch will email you.

Mozilla Firefox

Mozilla FireFox Extended Support Release (ESR)

Mozilla Thunderbird

Affected Versions

Mozilla Firefox:

Version unspecified and below 149 is affected.

Mozilla Firefox ESR:

Version unspecified and below 115.34 is affected.

Mozilla Firefox ESR:

Version unspecified and below 140.9 is affected.

Mozilla Thunderbird:

Version unspecified and below 149 is affected.

Mozilla Thunderbird:

Version unspecified and below 140.9 is affected.

Firefox <149 Sandbox Escape via Telemetry Boundary ConditionsCVE-2026-4687 Published on March 24, 2026

Products Associated with CVE-2026-4687

Affected Versions

Firefox <149 Sandbox Escape via Telemetry Boundary Conditions
CVE-2026-4687 Published on March 24, 2026