PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-4692 Mozilla CVE debrief

CVE-2026-4692 is a critical sandbox escape vulnerability in the Responsive Design Mode component of Firefox. It was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. Its CVSS score is 10, the highest severity. The vulnerability was publicly disclosed on March 24, 2026, and the CVE record was last modified on June 30, 2026. The NVD entry lists the CVSS vector and the associated weaknesses.

Vendor: Mozilla
Product: Firefox
CVSS: CRITICAL 10
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-03-24
Original CVE updated: 2026-06-30
Advisory published: 2026-03-24
Advisory updated: 2026-06-30

Who should care

Organizations and individuals using Firefox, Firefox ESR, Thunderbird, or other affected products should prioritize patching this vulnerability. The vulnerability's critical severity and sandbox escape capability make it a high-risk issue. Mozilla has provided advisories and patches for this vulnerability, which should be applied as soon as possible.

Technical summary

CVE-2026-4692 is a sandbox escape issue in the Responsive Design Mode component of Firefox. It has a CVSS score of 10 and a CVSS vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H. The weakness is recorded as NVD-CWE-noinfo, the NVD placeholder used when there is not enough information to assign a specific CWE. The vulnerability affects multiple products, including Firefox, Firefox ESR, and Thunderbird. The issue was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Defensive priority

This vulnerability has a high defensive priority due to its critical severity and potential for sandbox escape. Organizations should prioritize patching this vulnerability as soon as possible.

Recommended defensive actions

  • Update to the fixed releases: Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
  • Review and update inventory of Firefox, Firefox ESR, and Thunderbird installations.
  • Verify that all affected products are patched or mitigated.
  • Monitor for potential exploitation attempts.
  • Consider implementing compensating controls for high-risk systems.
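
One way to carry out the inventory and verification steps above, as an added example (not PatchSiren's or Mozilla's code): it compares reported version strings with the fixed releases named in this debrief. It assumes ESR builds report an "esr" suffix in their version string and sends anything it cannot map to a listed branch to manual review; the host names and inventory rows are constructed.

```python
import re

# Fixed releases as listed in this debrief. ESR floors are keyed by branch major.
RELEASE_FLOOR = {"firefox": (149, 0), "thunderbird": (149, 0)}
ESR_FLOORS = {
    "firefox": {115: (115, 34), 140: (140, 9)},
    "thunderbird": {140: (140, 9)},
}

# Assumption: versions look like "148.0.2" or "115.33.1esr".
VERSION_RE = re.compile(r"^(\d+)(?:\.(\d+))?(?:\.\d+)*(?P<esr>esr)?$")


def classify(product, version):
    """Return 'patched', 'needs-update' or 'review' for one installation."""
    product = product.strip().lower()
    m = VERSION_RE.match(version.strip().lower())
    if product not in RELEASE_FLOOR or m is None:
        return "review"  # unknown product or unparseable version
    major, minor = int(m.group(1)), int(m.group(2) or 0)
    if m.group("esr"):
        floor = ESR_FLOORS[product].get(major)
        if floor is None:
            return "review"  # ESR branch with no fixed release named on the page
    else:
        floor = RELEASE_FLOOR[product]
    return "patched" if (major, minor) >= floor else "needs-update"


def triage(rows):
    """Group host names by status so the unpatched set can be tracked to zero."""
    result = {"patched": [], "needs-update": [], "review": []}
    for host, product, version in rows:
        result[classify(product, version)].append(host)
    return result


# Constructed sample inventory rows: (host, product, version string).
INVENTORY = [
    ("wks-01", "Firefox", "148.0.2"),
    ("wks-02", "Firefox", "149.0"),
    ("kiosk-07", "Firefox", "115.33.1esr"),
    ("kiosk-08", "Firefox", "140.9.0esr"),
    ("lab-03", "Firefox", "128.14.0esr"),
    ("mail-01", "Thunderbird", "140.8.0esr"),
]

if __name__ == "__main__":
    for status, hosts in triage(INVENTORY).items():
        print(f"{status:13} {', '.join(hosts) or '-'}")
```

Hosts in the review group run a branch for which this page names no fixed release, so they need a decision rather than an automatic pass.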

Evidence notes

The CVE-2026-4692 vulnerability was publicly disclosed on March 24, 2026, and the CVE record was last modified on June 30, 2026. The NVD provides detailed information about the vulnerability, including its CVSS vector and weaknesses. Mozilla has provided advisories and patches for this vulnerability.

This article was generated with AI assistance based on the supplied source corpus.