CRITICAL🇵🇱 Wersja polska

CVE-2026-4688

CVSS 10.0v3.1pub. 2026-03-24upd. 2026-06-30

Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

🤖 AI Analysis
How it works

The use-after-free vulnerability (CWE-416) involves referencing a memory area that has already been freed within the Disability Access APIs component. This error allows an attacker to manipulate memory structures of the browser or email client process in a way that enables escaping the isolated execution environment (sandbox). Since the attack vector is network-based, it requires no user interaction or special privileges, and the scope of the attack extends beyond the vulnerable component (S:C), so the impact can affect the entire operating system.

Impact

An attacker can escape the browser or email client sandbox, gaining the ability to execute arbitrary code with the privileges of the host process, resulting in complete compromise of system confidentiality, integrity, and availability.

Mitigation & patch

Software must be updated immediately to Firefox 149, Firefox ESR 140.9, Thunderbird 149, or Thunderbird 140.9, in which the vulnerability has been fixed. Patches are available directly from the manufacturer according to references in Mozilla advisories (mfsa2026-20, mfsa2026-22, mfsa2026-23, mfsa2026-24).

Who is affected

Mozilla Firefox versions prior to 149, Mozilla Firefox ESR versions prior to 140.9, Mozilla Thunderbird versions prior to 149, and Mozilla Thunderbird ESR versions prior to 140.9.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Mozilla Firefox

    APP
    Mozilla
    < 140.9.0< 149.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2024-9680CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Use-after-free w Animation timelines Firefox/Thunderbird — RCE

CVE-2022-26486CRITICAL9.6⚠ KEVten sam produkt

An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escap...

CVE-2019-11708CRITICAL10.0⚠ KEVten sam produkt

Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes ...

CVE-2010-3765CRITICAL9.8⚠ KEVten sam produkt

Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before...

CVE-2026-14241CRITICAL9.8ten sam produkt

Memory safety bugs present in Firefox 152.0.3. Some of these bugs showed evidence of memory corruption and we ...