CVE-2026-4692

CWE-65313 documents9 sources

Severity

10.0CRITICAL

EPSS

0.0%

top 92.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Firefox ESR Mozilla Thunderbird

Timeline

PublishedMar 24

Description

Sandbox escape in the Responsive Design Mode component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 3.9 | Impact: 6.0

Affected Packages7 packages

▶CVEListV5mozilla/firefoxunspecified — 149

▶NVDmozilla/firefox128.0 — 140.9.0+2

▶CVEListV5mozilla/firefox_esrunspecified — 115.34+1

▶Debianfirefox-esr< 140.9.0esr-1~deb11u1+3

▶CVEListV5mozilla/thunderbirdunspecified — 149+1

🔴Vulnerability Details

GHSA

GHSA-cm3f-xp4p-xgj7: Sandbox escape in the Responsive Design Mode component↗2026-03-24

▶

OSV

CVE-2026-4692: Sandbox escape in the Responsive Design Mode component↗2026-03-24

▶

CVEList

Sandbox escape in the Responsive Design Mode component↗2026-03-24

▶

📋Vendor Advisories

Red Hat

firefox: thunderbird: Sandbox escape in the Responsive Design Mode component↗2026-03-24

▶

Debian

CVE-2026-4692: firefox - Sandbox escape in the Responsive Design Mode component. This vulnerability affec...↗2026

▶

Mozilla

Mozilla Foundation Security Advisory 2026-20: CVE-2026-4692↗

▶

Mozilla

Mozilla Foundation Security Advisory 2026-23: CVE-2026-4692↗

▶

Mozilla

Mozilla Foundation Security Advisory 2026-24: CVE-2026-4692↗

▶

🕵️Threat Intelligence

Wiz

CVE-2026-4692 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

💬Community

Bugzilla

CVE-2026-4692 firefox: thunderbird: Sandbox escape in the Responsive Design Mode component↗2026-03-24

▶