PatchSiren cyber security CVE debrief
CVE-2026-4692 Mozilla CVE debrief
CVE-2026-4692 is a critical vulnerability in the Responsive Design Mode component of Firefox, allowing for sandbox escape. The vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. The CVSS score for this vulnerability is 10, indicating the highest severity. The vulnerability was publicly disclosed on March 24, 2026, and the CVE record was last modified on June 30, 2026. The NVD provides detailed information about the vulnerability, including its CVSS vector and weaknesses.
- Vendor: Mozilla
- Product: Firefox
- CVSS: CRITICAL 10
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-03-24
- Original CVE updated: 2026-06-30
- Advisory published: 2026-03-24
- Advisory updated: 2026-06-30
Who should care
Organizations and individuals using Firefox, Firefox ESR, Thunderbird, or other affected products should prioritize patching this vulnerability. The vulnerability's critical severity and sandbox escape capability make it a high-risk issue. Mozilla has provided advisories and patches for this vulnerability, which should be applied as soon as possible.
Technical summary
The CVE-2026-4692 vulnerability is a sandbox escape issue in the Responsive Design Mode component of Firefox. The vulnerability has a CVSS score of 10 and a CVSS vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H. The weakness associated with this vulnerability is NVD-CWE-noinfo. The vulnerability affects multiple products, including Firefox, Firefox ESR, and Thunderbird. The issue was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
Defensive priority
This vulnerability has a high defensive priority due to its critical severity and potential for sandbox escape. Organizations should prioritize patching this vulnerability as soon as possible.
Recommended defensive actions
- Update to the fixed releases: Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
- Review and update inventory of Firefox, Firefox ESR, and Thunderbird installations.
- Verify that all affected products are patched or mitigated.
- Monitor for potential exploitation attempts.
- Consider implementing compensating controls for high-risk systems.
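The inventory and verification steps above can be scripted. The following is an added example, not code from Mozilla or from this page's sources: it checks a constructed `host,product,version` inventory against the fixed releases listed here. It assumes that builds below the fixed version on the same branch are unpatched (the page lists fixed releases, not the affected range) and treats unparseable versions as needing manual review.

```python
import re

# Fixed releases as listed on this page. Keys are major-version branches;
# None is the mainline (non-ESR) release train.
FIXED = {
    "firefox": {115: (115, 34), 140: (140, 9), None: (149, 0)},
    "thunderbird": {140: (140, 9), None: (149, 0)},
}

# Constructed sample inventory: host,product,version
SAMPLE = """
ws-01,Firefox,149.0
ws-02,Firefox,148.0.2
srv-01,Firefox,115.33.0esr
srv-02,Firefox,140.9.0esr
mail-01,Thunderbird,140.8.1
mail-02,Thunderbird,nightly
"""

def parse_version(text):
    """Turn '140.9.1esr' into (140, 9, 1); raise ValueError on anything else."""
    m = re.fullmatch(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?(?:esr)?", text.strip().lower())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(g) for g in m.groups(default="0"))

def status(product, version):
    """Return 'patched', 'unpatched' or 'unknown' for one inventory entry."""
    branches = FIXED.get(product.strip().lower())
    if branches is None:
        return "unknown"
    try:
        v = parse_version(version)
    except ValueError:
        return "unknown"  # fail closed: route to manual review
    # Assumption: a build whose major matches a listed ESR branch is judged
    # against that branch's fixed version; everything else against mainline.
    floor = branches.get(v[0], branches[None])
    return "patched" if v[:2] >= floor else "unpatched"

def audit(inventory):
    rows = []
    for line in inventory.strip().splitlines():
        host, product, version = (f.strip() for f in line.split(","))
        rows.append((host, product, version, status(product, version)))
    return rows

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row, sep="\t")
```

Branches with no fixed release listed on this page (for example an ESR major other than 115 or 140) are compared against the mainline version and therefore reported as unpatched.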
Evidence notes
The CVE-2026-4692 vulnerability was publicly disclosed on March 24, 2026, and the CVE record was last modified on June 30, 2026. The NVD provides detailed information about the vulnerability, including its CVSS vector and weaknesses. Mozilla has provided advisories and patches for this vulnerability.
Official resources
- CVE-2026-4692 CVE record: CVE.org
- CVE-2026-4692 NVD detail: NVD
- Source item URL: nvd_modified
- Source reference: [email protected] - Permissions Required
- Mitigation or vendor reference: [email protected] - Vendor Advisory
- Mitigation or vendor reference: [email protected] - Vendor Advisory
- Mitigation or vendor reference: [email protected] - Vendor Advisory
- Mitigation or vendor reference: [email protected] - Vendor Advisory
- Mitigation or vendor reference: [email protected] - Vendor Advisory
- Source reference: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
This article was generated with AI assistance based on the supplied source corpus.