Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
The bug concerns incorrect boundary conditions in the Telemetry component of external software, which qualifies as a CWE-119 vulnerability — improper restriction of operations within a memory buffer. This results in the possibility of escaping from the isolated sandbox environment used by Mozilla browsers to limit the impact of potential attacks. The attack vector is network-based, requires no authentication or user interaction, and the attack scope extends beyond the isolated component (S:C).
An attacker can escape from the sandbox mechanism and gain full access to confidentiality, integrity, and availability of the system, which in practice may mean taking control of the victim's host and executing arbitrary code outside the isolated browser environment.
Software must be immediately updated to the following versions: Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, or Thunderbird 140.8. Patches are available from the vendor according to references (mfsa2026-13 to mfsa2026-16).
Mozilla Firefox (versions before 148), Mozilla Firefox ESR (versions before 115.33 and before 140.8), Mozilla Thunderbird (versions before 148 and before 140.8)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HMozilla Firefox
APPMozilla< 115.33.0< 148.0128.0 – 140.8.0 (bez)Mozilla Thunderbird
APPMozilla< 140.8.0< 148.0
Related vulnerabilities
Use-after-free w Animation timelines Firefox/Thunderbird — RCE
An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escap...
Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes ...
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before...
Memory safety bugs present in Firefox 152.0.3. Some of these bugs showed evidence of memory corruption and we ...