PT-2026-27389 · Mozilla · Firefox+2

Sajeeb Lohani · Published 2026-03-24 · Updated 2026-03-24 · CVE-2026-4690

CVSS v3.1: 8.6 High (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)

Name of the Vulnerable Software and Affected Versions

Firefox versions prior to 149
Firefox ESR versions prior to 115.34
Firefox ESR versions prior to 140.9
Thunderbird versions prior to 149
Thunderbird versions prior to 140.9

Description

A sandbox escape is possible due to incorrect boundary conditions and an integer overflow within the XPCOM component. This could allow an attacker to bypass security restrictions.

Recommendations

Update Firefox to version 149 or later.
Update Firefox ESR to version 115.34 or later.
Update Firefox ESR to version 140.9 or later.
Update Thunderbird to version 149 or later.
Update Thunderbird to version 140.9 or later.

Fix

Improper Check for Exceptional Conditions

Integer Overflow

Weakness Enumeration

Related Identifiers

CVE-2026-4690

Affected Products

Firefox
Firefox ESR
Thunderbird