CVE-2026-4692
CRITICALSandbox escape in the Responsive Design Mode component
Title source: cnaDescription
Sandbox escape in the Responsive Design Mode component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
References (34)
Core 34
Core References
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:5930
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:5931
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:5932
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:6188
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:6342
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:6917
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:7837
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:7838
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:7839
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:7840
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:7841
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:7842
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:7843
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:7845
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:7858
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:8284
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:8285
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:8286
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:8287
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:8288
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:8289
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:8290
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:8315
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:8427
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:8850
Vendor Advisory
https://access.redhat.com/security/cve/CVE-2026-4692
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2450748
Scores
CVSS v3
10.0
EPSS
0.0049
EPSS Percentile
38.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-653
Status
published
Products (14)
mozilla/firefox
< 115.34.0
mozilla/firefox
< 149.0
Mozilla/Firefox
115.34 - 115.*
Mozilla/Firefox
140.9 - 140.*
Mozilla/Firefox
149
Mozilla/Firefox
unspecified - 149
Mozilla/Firefox ESR
unspecified - 115.34
Mozilla/Firefox ESR
unspecified - 140.9
mozilla/thunderbird
< 140.9.0
mozilla/thunderbird
< 149.0
... and 4 more
Published
Mar 24, 2026
Tracked Since
Mar 24, 2026