Skip to main content

Firefox Esr CVE-2026-4689

| EUVDEUVD-2026-14802 CRITICAL
Classic Buffer Overflow (CWE-120)
2026-03-24 mozilla
10.0
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
10.0 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
SUSE
8.3 HIGH
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Red Hat
7.5 HIGH
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

5
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
PoC Detected
Mar 25, 2026 - 15:34 vuln.today
Public exploit code
EUVD ID Assigned
Mar 24, 2026 - 12:45 euvd
EUVD-2026-14802
Analysis Generated
Mar 24, 2026 - 12:45 vuln.today
CVE Published
Mar 24, 2026 - 12:30 nvd
CRITICAL 10.0

DescriptionNVD

Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9.

AnalysisAI

A sandbox escape vulnerability exists in Firefox's XPCOM component due to incorrect boundary conditions and integer overflow, allowing attackers to bypass security sandboxing mechanisms. This affects Firefox versions below 149, Firefox ESR below 115.34, and Firefox ESR below 140.9. An attacker can exploit this flaw to escape the browser sandbox and potentially execute arbitrary code with elevated privileges on the affected system.

Technical ContextAI

The vulnerability resides in Mozilla Firefox's XPCOM (Cross Platform Component Object Model) component, which is Mozilla's framework for creating reusable software components. The root cause involves incorrect boundary condition checks combined with integer overflow, classified under buffer overflow vulnerabilities (CWE category). XPCOM is a core architectural component responsible for managing inter-process communication and memory allocation within Firefox. The integer overflow condition likely allows an attacker to manipulate memory boundaries, bypassing the sandbox's isolation mechanisms that normally restrict web content from accessing system resources. The affected products are identified via CPE strings: cpe:2.3:a:mozilla:firefox (all versions), cpe:2.3:a:mozilla:firefox_esr (both ESR branches), indicating both the rapid-release and extended support release channels are impacted.

RemediationAI

Immediately upgrade Firefox to version 149 or later, or upgrade Firefox ESR to version 115.34 or later if using the 115.x branch, or version 140.9 or later if using the 140.x branch. Detailed patching guidance is available in the Mozilla security advisories at https://www.mozilla.org/security/advisories/mfsa2026-20/, https://www.mozilla.org/security/advisories/mfsa2026-21/, and https://www.mozilla.org/security/advisories/mfsa2026-22/. As a temporary mitigation pending patching, disable or restrict JavaScript execution in untrusted content and limit browsing to known trusted websites, though these measures provide only partial protection given the sandbox escape nature of the vulnerability. Organizations should prioritize patching within 24-48 hours given the critical nature of sandbox bypass flaws.

CVE-2020-26950 HIGH POC
8.8 Dec 09

In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable

CVE-2022-29917 CRITICAL POC
9.8 Dec 22

Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bug

CVE-2014-1568 HIGH
7.5 Sep 25

Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozi

CVE-2022-26384 CRITICAL POC
9.6 Dec 22

If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scri

CVE-2022-34484 HIGH POC
8.8 Dec 22

The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Rated high severity (CVSS 8.8)

CVE-2022-28281 HIGH POC
8.8 Dec 22

If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent pr

CVE-2022-26381 HIGH POC
8.8 Dec 22

An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploi

CVE-2022-22756 HIGH POC
8.8 Dec 22

If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been

CVE-2022-22740 HIGH POC
8.8 Dec 22

Certain network request objects were freed too early when releasing a network request handle. Rated high severity (CVSS

CVE-2022-22738 HIGH POC
8.8 Dec 22

Applying a CSS filter effect could have accessed out of bounds memory. Rated high severity (CVSS 8.8), this vulnerabilit

CVE-2021-29988 HIGH POC
8.8 Aug 17

Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory

CVE-2021-29985 HIGH POC
8.8 Aug 17

A use-after-free vulnerability in media channels could have led to memory corruption and a potentially exploitable crash

Vendor StatusVendor

Debian

firefox
Release Status Fixed Version Urgency
sid vulnerable 148.0.2-1 -
(unstable) fixed (unfixed) -
firefox-esr
Release Status Fixed Version Urgency
bullseye vulnerable 115.14.0esr-1~deb11u1 -
bullseye (security) vulnerable 140.8.0esr-1~deb11u1 -
bookworm vulnerable 128.14.0esr-1~deb12u1 -
bookworm (security) vulnerable 140.8.0esr-1~deb12u1 -
trixie (security), trixie vulnerable 140.8.0esr-1~deb13u1 -
forky, sid vulnerable 140.8.0esr-1 -
(unstable) fixed (unfixed) -

SUSE

Severity: High
Product Status
Image SLES15-SP5-SAP-Azure-LI-BYOS Image SLES15-SP5-SAP-Azure-LI-BYOS-Production Image SLES15-SP5-SAP-Azure-VLI-BYOS Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production Image SLES15-SP6-SAP-Azure-LI-BYOS Image SLES15-SP6-SAP-Azure-LI-BYOS-Production Image SLES15-SP6-SAP-Azure-VLI-BYOS Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production Image SLES15-SP7-SAP-Azure-LI-BYOS-Production Image SLES15-SP7-SAP-Azure-VLI-BYOS-Production Affected
SUSE Liberty Linux 10 Fixed
SUSE Liberty Linux 8 Fixed
SUSE Liberty Linux 9 Fixed
SUSE Linux Enterprise Desktop 15 SP7 SUSE Linux Enterprise Server 15 SP7 SUSE Linux Enterprise Server for SAP Applications 15 SP7 Fixed

Share

CVE-2026-4689 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy