CVE-2026-4687

CWE-754 CWE-120 — Classic Buffer Overflow CWE-50113 documents9 sources

Severity

8.6HIGH

EPSS

0.0%

top 93.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Firefox ESR Mozilla Thunderbird

Timeline

PublishedMar 24

Description

Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 3.9 | Impact: 4.0

Affected Packages6 packages

▶CVEListV5mozilla/firefoxunspecified — 149

▶NVDmozilla/firefox128.0 — 140.9.0+2

▶CVEListV5mozilla/firefox_esrunspecified — 115.34+1

▶Debianfirefox-esr< 140.9.0esr-1~deb11u1+3

▶CVEListV5mozilla/thunderbirdunspecified — 149+1

🔴Vulnerability Details

CVEList

Sandbox escape due to incorrect boundary conditions in the Telemetry component↗2026-03-24

▶

OSV

CVE-2026-4687: Sandbox escape due to incorrect boundary conditions in the Telemetry component↗2026-03-24

▶

GHSA

GHSA-gw7x-g9xx-wmm2: Sandbox escape due to incorrect boundary conditions in the Telemetry component↗2026-03-24

▶

📋Vendor Advisories

Red Hat

firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Telemetry component↗2026-03-24

▶

Debian

CVE-2026-4687: firefox - Sandbox escape due to incorrect boundary conditions in the Telemetry component. ...↗2026

▶

Mozilla

Mozilla Foundation Security Advisory 2026-22: CVE-2026-4687↗

▶

Mozilla

Mozilla Foundation Security Advisory 2026-23: CVE-2026-4687↗

▶

Mozilla

Mozilla Foundation Security Advisory 2026-24: CVE-2026-4687↗

▶

🕵️Threat Intelligence

Wiz

CVE-2026-4687 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

💬Community

Bugzilla

CVE-2026-4687 firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Telemetry component↗2026-03-24

▶