CVE-2026-2768

critical

Description

Sandbox escape in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

References

https://www.mozilla.org/security/advisories/mfsa2026-17/

https://www.mozilla.org/security/advisories/mfsa2026-16/

https://www.mozilla.org/security/advisories/mfsa2026-15/

https://www.mozilla.org/security/advisories/mfsa2026-13/

https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2768.json

https://bugzilla.redhat.com/show_bug.cgi?id=2442298

https://bugzilla.mozilla.org/show_bug.cgi?id=2014101

https://access.redhat.com/security/cve/CVE-2026-2768

https://access.redhat.com/errata/RHSA-2026:4432

https://access.redhat.com/errata/RHSA-2026:4260

https://access.redhat.com/errata/RHSA-2026:4152

https://access.redhat.com/errata/RHSA-2026:4022

https://access.redhat.com/errata/RHSA-2026:3984

https://access.redhat.com/errata/RHSA-2026:3983

https://access.redhat.com/errata/RHSA-2026:3982

https://access.redhat.com/errata/RHSA-2026:3981

https://access.redhat.com/errata/RHSA-2026:3980

https://access.redhat.com/errata/RHSA-2026:3979

https://access.redhat.com/errata/RHSA-2026:3978

https://access.redhat.com/errata/RHSA-2026:3976

https://access.redhat.com/errata/RHSA-2026:3517

https://access.redhat.com/errata/RHSA-2026:3516

https://access.redhat.com/errata/RHSA-2026:3515

https://access.redhat.com/errata/RHSA-2026:3497

https://access.redhat.com/errata/RHSA-2026:3496

https://access.redhat.com/errata/RHSA-2026:3495

https://access.redhat.com/errata/RHSA-2026:3494

https://access.redhat.com/errata/RHSA-2026:3493

https://access.redhat.com/errata/RHSA-2026:3492

https://access.redhat.com/errata/RHSA-2026:3491

https://access.redhat.com/errata/RHSA-2026:3361

https://access.redhat.com/errata/RHSA-2026:3339

https://access.redhat.com/errata/RHSA-2026:3338

Details

Source: Mitre, NVD

Published: 2026-02-24

Updated: 2026-06-30

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 10

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00018