CRITICALCVE-2026-2776Published Modified CNA mozilla
CVE-2026-2776: Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software
Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
Metrics
- CVSS v3.1
- 10.0
- Severity
- CRITICAL
- Fixed in
- 115.33
- Affected Products
- 2
Fix available
115.33140.8148
Affected packages
- Mozilla / FirefoxFixed in 115.33, 140.8, 148
- Mozilla / ThunderbirdFixed in 140.8, 148
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H