CVE-2026-4692

critical

Description

Sandbox escape in the Responsive Design Mode component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

References

https://www.mozilla.org/security/advisories/mfsa2026-24/

https://www.mozilla.org/security/advisories/mfsa2026-23/

https://www.mozilla.org/security/advisories/mfsa2026-22/

https://www.mozilla.org/security/advisories/mfsa2026-21/

https://www.mozilla.org/security/advisories/mfsa2026-20/

https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4692.json

https://bugzilla.redhat.com/show_bug.cgi?id=2450748

https://bugzilla.mozilla.org/show_bug.cgi?id=2017643

https://access.redhat.com/security/cve/CVE-2026-4692

https://access.redhat.com/errata/RHSA-2026:8850

https://access.redhat.com/errata/RHSA-2026:8427

https://access.redhat.com/errata/RHSA-2026:8315

https://access.redhat.com/errata/RHSA-2026:8290

https://access.redhat.com/errata/RHSA-2026:8289

https://access.redhat.com/errata/RHSA-2026:8288

https://access.redhat.com/errata/RHSA-2026:8287

https://access.redhat.com/errata/RHSA-2026:8286

https://access.redhat.com/errata/RHSA-2026:8285

https://access.redhat.com/errata/RHSA-2026:8284

https://access.redhat.com/errata/RHSA-2026:7858

https://access.redhat.com/errata/RHSA-2026:7845

https://access.redhat.com/errata/RHSA-2026:7843

https://access.redhat.com/errata/RHSA-2026:7842

https://access.redhat.com/errata/RHSA-2026:7841

https://access.redhat.com/errata/RHSA-2026:7840

https://access.redhat.com/errata/RHSA-2026:7839

https://access.redhat.com/errata/RHSA-2026:7838

https://access.redhat.com/errata/RHSA-2026:7837

https://access.redhat.com/errata/RHSA-2026:6917

https://access.redhat.com/errata/RHSA-2026:6342

https://access.redhat.com/errata/RHSA-2026:6188

https://access.redhat.com/errata/RHSA-2026:5932

https://access.redhat.com/errata/RHSA-2026:5931

https://access.redhat.com/errata/RHSA-2026:5930

Details

Source: Mitre, NVD

Published: 2026-03-24

Updated: 2026-06-30

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 10

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00009