← voltar
CVE-2026-4689

Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component

CVSS 10 CRITICALEPSS 0.7%CWE-120CWE-190
Vexday Risk Score
28Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 10EPSS 0.7%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
24 mar 2026Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Produtos afetados
Mozilla · FirefoxMozilla · Thunderbird

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://access.redhat.com/errata/RHSA-2026:5930https://access.redhat.com/errata/RHSA-2026:5931https://access.redhat.com/errata/RHSA-2026:5932https://access.redhat.com/errata/RHSA-2026:6188https://access.redhat.com/errata/RHSA-2026:6342https://access.redhat.com/errata/RHSA-2026:6917https://access.redhat.com/errata/RHSA-2026:7837https://access.redhat.com/errata/RHSA-2026:7838https://access.redhat.com/errata/RHSA-2026:7839https://access.redhat.com/errata/RHSA-2026:7840https://access.redhat.com/errata/RHSA-2026:7841https://access.redhat.com/errata/RHSA-2026:7842