CVE-2026-8401 — Sandbox escape in the Profile Backup component · QSearch CVE Watch

Severity and scoring

CVSS: 9.8 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-693

Affected products

Vendor	Product
mozilla	firefox

Description

Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11.

Source: NVD

References

Related CVEs

Same vendor

CVE-2026-10702 — JIT miscompilation in the JavaScript Engine: JIT component (4.3 MEDIUM)
CVE-2026-10701 — Incorrect boundary conditions in the Graphics: Text component (7.5 HIGH)
CVE-2026-9309 — Firefox for iOS Reader View did not properly escape HTML tags in JSON-LD metadata (5.4 MEDIUM)
CVE-2026-9308 — Firefox for iOS Reader View replaced page content in its HTML template before replacing other internal placeholders (5.4 MEDIUM)
CVE-2026-9078 — Firefox for iOS displayed specially crafted right-to-left (RTL) and internationalized domain names (IDNs) incorrectly in link preview UI ... (5.4 MEDIUM)

Same CWE

CVE-2026-12031 — Inappropriate implementation in Views in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker who had compromised t... (8.3 HIGH)
CVE-2025-30431 — The issue was addressed with improved checks (5.5 MEDIUM)
CVE-2025-24284 — This issue was addressed with improved checks to prevent unauthorized actions (8.8 HIGH)
CVE-2026-48546 — KanaDojo before 0.1.18 contains a sandbox escape vulnerability that allows an attacker to execute arbitrary code by exploiting the explic... (7.3 HIGH)
CVE-2026-50564 — Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes (9.9 CRITICAL)