Firefox <149 Sandbox Escape: XPCOM Integer Overflow
CVE-2026-4689 Published on March 24, 2026

Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component
Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

NVD

Products Associated with CVE-2026-4689

Want to know whenever a new CVE is published for Mozilla products? stack.watch will email you.

Mozilla Firefox

Mozilla FireFox Extended Support Release (ESR)

Mozilla Thunderbird

Affected Versions

Mozilla Firefox:

Version unspecified and below 149 is affected.

Mozilla Firefox ESR:

Version unspecified and below 115.34 is affected.

Mozilla Firefox ESR:

Version unspecified and below 140.9 is affected.

Mozilla Thunderbird:

Version unspecified and below 149 is affected.

Mozilla Thunderbird:

Version unspecified and below 140.9 is affected.

Firefox <149 Sandbox Escape: XPCOM Integer OverflowCVE-2026-4689 Published on March 24, 2026

Products Associated with CVE-2026-4689

Affected Versions

Firefox <149 Sandbox Escape: XPCOM Integer Overflow
CVE-2026-4689 Published on March 24, 2026