CVE-2026-4687
Description
Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
Risk Information
Base Score
8.6
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.024
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities are fixed in Mozilla Firefox ESR (140) (140.9.0) | Windows |
| Multiple vulnerabilities are fixed in Mozilla Firefox ESR (140) (x64) (140.9.0) | Windows |
| Multiple vulnerabilities are fixed in Mozilla Firefox ESR (115) (115.34.0) | Windows |
| Multiple vulnerabilities are fixed in Mozilla Firefox ESR (115) (x64) (115.34.0) | Windows |
| Multiple vulnerabilities are fixed in Mozilla Firefox (149.0) | Windows |
| Multiple vulnerabilities are fixed in Mozilla Firefox (x64) (149.0) | Windows |
| Multiple vulnerabilities are fixed in Mozilla Firefox (Microsoft Store) 140.9 | Windows |
| Multiple vulnerabilities are fixed in Mozilla Firefox (Microsoft Store) 115.34 | Windows |
| Multiple vulnerabilities are fixed in Mozilla Firefox (Microsoft Store) 149 | Windows |
| Multiple vulnerabilities are fixed in Mozilla Thunderbird ESR 140 (140.9.0) | Windows |
| Multiple vulnerabilities are fixed in Mozilla Thunderbird ESR 140 (x64) (140.9.0) | Windows |
| Multiple vulnerabilities are fixed in Mozilla Thunderbird (149.0) | Windows |
| Multiple vulnerabilities are fixed in Mozilla Thunderbird (x64) (149.0) | Windows |
| Multiple vulnerabilities are fixed in Mozilla Firefox For Mac (149.0) | Mac |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-357381 | Mozilla Firefox ESR (140) (140.9.0) |
| PATCH-357382 | Mozilla Firefox ESR (140) (x64) (140.9.0) |
| PATCH-357379 | Mozilla Firefox ESR (115) (115.34.0) |
| PATCH-357380 | Mozilla Firefox ESR (115) (x64) (115.34.0) |
| PATCH-357377 | Mozilla Firefox (149.0) |
| PATCH-357378 | Mozilla Firefox (x64) (149.0) |
| PATCH-357383 | Mozilla Thunderbird ESR 140 (140.9.0) |
| PATCH-357384 | Mozilla Thunderbird ESR 140 (x64) (140.9.0) |
| PATCH-614061 | Mozilla Firefox For Mac (149.0) |
| PATCH-357447 | Mozilla Thunderbird (149.0) |
| PATCH-357448 | Mozilla Thunderbird (x64) (149.0) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234