Skip to main content

Firefox Esr CVE-2026-4690

| EUVDEUVD-2026-14804 HIGH
Integer Overflow or Wraparound (CWE-190)
2026-03-24 mozilla GHSA-r7ww-hwqf-cqr6
8.6
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.6 HIGH
AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
SUSE
9.6 CRITICAL
AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Red Hat
7.5 HIGH
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 24, 2026 - 12:45 euvd
EUVD-2026-14804
Analysis Generated
Mar 24, 2026 - 12:45 vuln.today
CVE Published
Mar 24, 2026 - 12:30 nvd
HIGH 8.6

DescriptionNVD

Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9.

AnalysisAI

A sandbox escape vulnerability exists in Mozilla Firefox due to incorrect boundary conditions and integer overflow within the XPCOM component, allowing attackers to break out of the browser's security sandbox and potentially execute arbitrary code with elevated privileges. Firefox versions below 149, Firefox ESR below 115.34, and Firefox ESR below 140.9 are affected. An attacker capable of triggering the integer overflow in XPCOM can exploit the boundary condition flaw to escape the sandbox, potentially leading to full system compromise depending on browser privilege level and operating system context.

Technical ContextAI

The vulnerability resides in XPCOM (Cross Platform Component Object Model), Mozilla's component architecture used throughout Firefox for managing internal functionality and extensions. The root cause involves incorrect boundary condition validation combined with integer overflow, categorized under buffer overflow attacks (CWE class). When processing certain XPCOM operations, the integer overflow condition allows an attacker to bypass boundary checks designed to prevent out-of-bounds memory access. This directly undermines Firefox's sandbox isolation mechanism, which typically restricts web content from accessing system resources. The affected products span multiple Firefox variants: standard Firefox (all versions below 149) and two Extended Support Release branches (ESR versions below 115.34 and 140.9), as identified by CPE strings cpe:2.3:a:mozilla:firefox and cpe:2.3:a:mozilla:firefox_esr.

RemediationAI

Immediately upgrade Mozilla Firefox to version 149 or later, Firefox ESR to version 115.34 or later, or Firefox ESR to version 140.9 or later, depending on your deployment. Organizations on Windows, macOS, and Linux can access automated updates through each platform's respective Firefox update mechanism, or manually download patched versions from https://www.mozilla.org/firefox/. For enterprises managing Firefox centrally, update deployment should be prioritized within 24-48 hours given the sandbox escape severity. Until patching is complete, consider restricting Firefox usage for high-risk activities, enforcing additional endpoint protection (host-based intrusion detection), and monitoring for exploitation attempts targeting XPCOM components. No viable workarounds exist for this sandbox boundary vulnerability, making patching the only effective mitigation.

CVE-2020-26950 HIGH POC
8.8 Dec 09

In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable

CVE-2026-4689 CRITICAL POC
10.0 Mar 24

A sandbox escape vulnerability exists in Firefox's XPCOM component due to incorrect boundary conditions and integer over

CVE-2022-29917 CRITICAL POC
9.8 Dec 22

Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bug

CVE-2014-1568 HIGH
7.5 Sep 25

Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozi

CVE-2022-26384 CRITICAL POC
9.6 Dec 22

If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scri

CVE-2022-34484 HIGH POC
8.8 Dec 22

The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Rated high severity (CVSS 8.8)

CVE-2022-28281 HIGH POC
8.8 Dec 22

If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent pr

CVE-2022-26381 HIGH POC
8.8 Dec 22

An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploi

CVE-2022-22756 HIGH POC
8.8 Dec 22

If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been

CVE-2022-22740 HIGH POC
8.8 Dec 22

Certain network request objects were freed too early when releasing a network request handle. Rated high severity (CVSS

CVE-2022-22738 HIGH POC
8.8 Dec 22

Applying a CSS filter effect could have accessed out of bounds memory. Rated high severity (CVSS 8.8), this vulnerabilit

CVE-2021-29988 HIGH POC
8.8 Aug 17

Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory

Vendor StatusVendor

Debian

firefox
Release Status Fixed Version Urgency
sid vulnerable 148.0.2-1 -
(unstable) fixed (unfixed) -
firefox-esr
Release Status Fixed Version Urgency
bullseye vulnerable 115.14.0esr-1~deb11u1 -
bullseye (security) vulnerable 140.8.0esr-1~deb11u1 -
bookworm vulnerable 128.14.0esr-1~deb12u1 -
bookworm (security) vulnerable 140.8.0esr-1~deb12u1 -
trixie (security), trixie vulnerable 140.8.0esr-1~deb13u1 -
forky, sid vulnerable 140.8.0esr-1 -
(unstable) fixed (unfixed) -

SUSE

Severity: Critical
Product Status
Image SLES15-SP5-SAP-Azure-LI-BYOS Image SLES15-SP5-SAP-Azure-LI-BYOS-Production Image SLES15-SP5-SAP-Azure-VLI-BYOS Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production Image SLES15-SP6-SAP-Azure-LI-BYOS Image SLES15-SP6-SAP-Azure-LI-BYOS-Production Image SLES15-SP6-SAP-Azure-VLI-BYOS Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production Image SLES15-SP7-SAP-Azure-LI-BYOS-Production Image SLES15-SP7-SAP-Azure-VLI-BYOS-Production Affected
SUSE Liberty Linux 10 Fixed
SUSE Liberty Linux 8 Fixed
SUSE Liberty Linux 9 Fixed
SUSE Linux Enterprise Desktop 15 SP7 SUSE Linux Enterprise Server 15 SP7 SUSE Linux Enterprise Server for SAP Applications 15 SP7 Fixed

Share

CVE-2026-4690 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy