Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2026-4689

Опубликовано: 24 мар. 2026
Источник: redhat
CVSS3: 7.5
EPSS Низкий

Описание

Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component

Отчет

Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10rhel10/firefox-flatpakAffected
Red Hat Enterprise Linux 10rhel10/thunderbird-flatpakAffected
Red Hat Enterprise Linux 6firefoxOut of support scope
Red Hat Enterprise Linux 6thunderbirdOut of support scope
Red Hat Enterprise Linux 7firefoxAffected
Red Hat Enterprise Linux 7thunderbirdOut of support scope
Red Hat Enterprise Linux 8thunderbirdAffected
Red Hat Enterprise Linux 10firefoxFixedRHSA-2026:593126.03.2026
Red Hat Enterprise Linux 10thunderbirdFixedRHSA-2026:634201.04.2026
Red Hat Enterprise Linux 8firefoxFixedRHSA-2026:593226.03.2026

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-190
https://bugzilla.redhat.com/show_bug.cgi?id=2450718firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component

EPSS

Процентиль: 8%
0.00027
Низкий

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2026-4689

CVSS3: 10
ubuntu
14 дней назад

Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

nvd логотип

CVE-2026-4689

CVSS3: 10
nvd
14 дней назад

Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.

debian логотип

CVE-2026-4689

CVSS3: 10
debian
14 дней назад

Sandbox escape due to incorrect boundary conditions, integer overflow ...

github логотип

GHSA-j5qx-hh9g-j6wj

CVSS3: 10
github
14 дней назад

Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9.

oracle-oval логотип

ELSA-2026-5932

oracle-oval
12 дней назад

ELSA-2026-5932: firefox security update (IMPORTANT)

EPSS

Процентиль: 8%
0.00027
Низкий

7.5 High

CVSS3