PatchSiren cyber security CVE debrief
CVE-2026-2768 Mozilla CVE debrief
CVE-2026-2768 is a critical vulnerability in the Storage: IndexedDB component of Mozilla Firefox and Thunderbird, allowing for a sandbox escape. The vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. This vulnerability has a CVSS score of 10 and a severity of CRITICAL. The CVE was published on 2026-02-24T14:16:25.183Z and last modified on 2026-06-30T03:18:17.470Z.
- Vendor: Mozilla
- Product: Firefox
- CVSS: CRITICAL 10
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-02-24
- Original CVE updated: 2026-06-30
- Advisory published: 2026-02-24
- Advisory updated: 2026-06-30
Who should care
Organizations and individuals using Mozilla Firefox, Firefox ESR, and Thunderbird should prioritize patching this vulnerability to prevent potential sandbox escapes. Given the critical severity and CVSS score of 10, immediate attention is required. Users of Red Hat systems may also need to apply specific errata to address this issue.
Technical summary
CVE-2026-2768 is a sandbox escape in the Storage: IndexedDB component of Mozilla Firefox and Thunderbird. It was addressed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H: network attack vector, low attack complexity, no privileges required, no user interaction, changed scope, and high impact on confidentiality, integrity, and availability. The listed CWEs are CWE-284 (Improper Access Control) and CWE-693 (Protection Mechanism Failure).
Defensive priority
High priority should be given to patching CVE-2026-2768 due to its critical severity and CVSS score of 10. Organizations should ensure that all instances of Mozilla Firefox, Firefox ESR, and Thunderbird are updated to the patched versions.
Recommended defensive actions
- Update to the fixed releases: Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
- Ensure all instances of Mozilla Firefox, Firefox ESR, and Thunderbird are updated to the patched versions.
- Review and apply Red Hat errata RHSA-2026:3338, RHSA-2026:3339, and others as necessary.
- Monitor for any signs of exploitation or anomalous behavior in Firefox and Thunderbird.
- Perform a thorough inventory check to ensure all affected systems are identified and patched.
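One way to run the inventory check in the last item, as an added example that is not code from Mozilla, Red Hat or the source advisory: it compares installed versions against the fixed releases named above and sets aside anything it cannot parse. It assumes any build below the fixed release on its branch needs updating and that 140.x builds are on the ESR branch; the host names and the `host,product,version` format are constructed.

```python
import re

# Fixed releases stated on this page, per product and branch.
FIXED = {
    ("firefox", "release"): (148, 0),
    ("firefox", "esr"): (140, 8),
    ("thunderbird", "release"): (148, 0),
    ("thunderbird", "esr"): (140, 8),
}
ESR_MAJOR = 140  # assumption: any 140.x build is on the ESR branch, suffix or not
VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.\d+)*(esr)?$")


def classify(product, version):
    """Return 'patched', 'needs-update' or 'unknown' for one installed build."""
    product = product.strip().lower()
    match = VERSION_RE.match(version.strip().lower())
    if not match or (product, "release") not in FIXED:
        return "unknown"  # betas, nightlies, other products: review by hand
    major, minor = int(match.group(1)), int(match.group(2))
    # Inventory sources may drop the "esr" suffix, so also key on the major.
    branch = "esr" if match.group(3) or major == ESR_MAJOR else "release"
    return "patched" if (major, minor) >= FIXED[(product, branch)] else "needs-update"


def audit(inventory_csv):
    """Return (host, product, version, status) for every row that is not patched."""
    findings = []
    for line in inventory_csv.strip().splitlines():
        host, product, version = (field.strip() for field in line.split(","))
        status = classify(product, version)
        if status != "patched":
            findings.append((host, product, version, status))
    return findings


# Constructed sample inventory (hypothetical hosts): host,product,version
SAMPLE = """
ws-01,Firefox,148.0
ws-02,Firefox,147.0.2
srv-01,Firefox,140.7.0esr
srv-02,Firefox,140.8.0
mail-01,Thunderbird,140.8.0esr
mail-02,Thunderbird,128.14.0esr
dev-01,Firefox,149.0b3
"""

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row, sep="\t")
```

Rows reported as `unknown` are deliberately not counted as patched, so pre-release builds and unrecognised version strings stay on the review list.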
Evidence notes
The CVE-2026-2768 vulnerability was identified in the Storage: IndexedDB component of Mozilla Firefox and Thunderbird. The vulnerability allows for a sandbox escape and has a CVSS score of 10. It was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. The CVE was published on 2026-02-24T14:16:25.183Z and last modified on 2026-06-30T03:18:17.470Z. Multiple references and errata are available for this vulnerability, including those from Mozilla and Red Hat.
Official resources
- CVE-2026-2768 CVE record (CVE.org)
- CVE-2026-2768 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference: [email protected] - Issue Tracking, Permissions Required
- Mitigation or vendor reference: [email protected] - Vendor Advisory
- Mitigation or vendor reference: [email protected] - Vendor Advisory
- Mitigation or vendor reference: [email protected] - Vendor Advisory
- Mitigation or vendor reference: [email protected] - Vendor Advisory
- Source reference: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
- Source reference: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
This article is AI-assisted and based on the supplied source corpus.