QSearchQSearch

CVE-2026-8958

8.6 HIGH

Information disclosure, sandbox escape in the Security: Process Sandboxing component

Published: 2026-05-19 · Last updated: 2026-05-20

Severity and scoring

CVSS
8.6 HIGH
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
CWE
CWE-668, CWE-693

Affected products

VendorProduct
mozillafirefox, thunderbird

Description

Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2026-10702 JIT miscompilation in the JavaScript Engine: JIT component (4.3 MEDIUM)
  • CVE-2026-10701 Incorrect boundary conditions in the Graphics: Text component (7.5 HIGH)
  • CVE-2026-9309 Firefox for iOS Reader View did not properly escape HTML tags in JSON-LD metadata (5.4 MEDIUM)
  • CVE-2026-9308 Firefox for iOS Reader View replaced page content in its HTML template before replacing other internal placeholders (5.4 MEDIUM)
  • CVE-2026-9078 Firefox for iOS displayed specially crafted right-to-left (RTL) and internationalized domain names (IDNs) incorrectly in link preview UI ... (5.4 MEDIUM)

Same CWE

  • CVE-2026-50564 Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes (9.9 CRITICAL)
  • CVE-2026-50545 Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes (9.9 CRITICAL)
  • CVE-2026-48096 OpenFGA is an authorization/permission engine built for developers (5.0 MEDIUM)
  • CVE-2026-48575 Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally (7.9 HIGH)
  • CVE-2026-48570 Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally (7.9 HIGH)