CVE-2026-8401

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 150.0.3 Firefox ESR versions prior to 115.36 Firefox ESR versions prior to 140.11

Description A sandbox escape exists in the Profile Backup component. A sandbox is a security mechanism for separating running programs, ensuring that code in a sandbox cannot access resources outside of it.

Recommendations Update to version 150.0.3. Update to ESR version 115.36. Update to ESR version 140.11.

Fix

DoS

Protection Mechanism Failure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-693

Related Identifiers

ALSA-2026:21378

ALSA-2026:21380

ALSA-2026:21381

ALSA-2026:21382

ALSA-2026:22325

ALSA-2026:22643

CVE-2026-8401

OESA-2026-2392

OESA-2026-2393

OESA-2026-2394

OPENSUSE-SU-2026:10813-1

OPENSUSE-SU-2026:10864-1

Affected Products

Firefox

Rocky Linux

CVE-2026-8401

Weakness Enumeration

Related Identifiers

Affected Products

References · 125