CVE-2026-4689
Severity
10.0 CRITICAL
EPSS
0.0%
top 92.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Mar 24
Description
Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 6.0
Affected Packages: 7 packages
Vulnerability Details (3)
CVEList
Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component (2026-03-24)
OSV
CVE-2026-4689: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component (2026-03-24)
GHSA
GHSA-j5qx-hh9g-j6wj: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component (2026-03-24)
Vendor Advisories (7)
Threat Intelligence (1)
Community (1)
Bugzilla
CVE-2026-4689 firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component (2026-03-24)