PT-2026-21701 · Mozilla · Firefox+2

Sajeeb Lohani

Published

2026-01-01

Updated

2026-04-16

CVE-2026-2768

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 148 Firefox ESR versions prior to 140.8 Thunderbird versions prior to 148 Thunderbird versions prior to 140.8

Description A sandbox escape issue exists in the Storage: IndexedDB component. This allows a potential escape from the browser's security sandbox.

Recommendations Update Firefox to version 148 or later. Update Firefox ESR to version 140.8 or later. Update Thunderbird to version 148 or later. Update Thunderbird to version 140.8 or later.

Fix

Improper Access Control

Protection Mechanism Failure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-693

Related Identifiers

ALSA-2026:3338

ALSA-2026:3339

ALSA-2026:3361

ALSA-2026:3515

ALSA-2026:3516

ALSA-2026:3517

CVE-2026-2768

MGASA-2026-0052

MGASA-2026-0053

OESA-2026-1471

OESA-2026-1472

OESA-2026-1473

OESA-2026-1474

OESA-2026-1539

OESA-2026-1540

OPENSUSE-SU-2026:10242-1

OPENSUSE-SU-2026:10248-1

OPENSUSE-SU-2026:10257-1

OPENSUSE-SU-2026:20365-1

OPENSUSE-SU-2026:20391-1

RHSA-2026:3338

RHSA-2026:3339

RHSA-2026:3361

RHSA-2026:3491

RHSA-2026:3492

RHSA-2026:3493

RHSA-2026:3494

RHSA-2026:3495

RHSA-2026:3496

RHSA-2026:3497

RHSA-2026:3515

RHSA-2026:3516

RHSA-2026:3517

RHSA-2026:3976

RHSA-2026:3978

RHSA-2026:3979

RHSA-2026:3980

RHSA-2026:3981

RHSA-2026:3982

RHSA-2026:3983

RHSA-2026:3984

RHSA-2026:4022

RHSA-2026:4152

RHSA-2026:4260

RHSA-2026:4432

SUSE-SU-2026:0812-1

SUSE-SU-2026:0871-1

SUSE-SU-2026:0880-1

Affected Products

Firefox

Firefox Esr

Thunderbird

PT-2026-21701 · Mozilla · Firefox+2

CVE-2026-2768

Weakness Enumeration

Related Identifiers

Affected Products

References · 270