CVE-2026-8945
Sandbox Escape in Firefox and Firefox Focus for Android
Publication date: 2026-05-19
Last updated on: 2026-05-19
Assigner: Mozilla Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mozilla | firefox | 151 |
| mozilla | firefox_focus | 151 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-693 | The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a sandbox escape in Firefox and Firefox Focus for Android. A sandbox escape means that an attacker could potentially break out of the restricted environment (sandbox) that the browser uses to isolate processes, which could allow them to execute code or perform actions outside the intended secure boundaries.
The issue was fixed in Firefox version 151.
How can this vulnerability impact me? :
If exploited, this vulnerability could allow an attacker to bypass the security restrictions of the browser's sandbox on Android devices. This could lead to unauthorized code execution or access to sensitive information outside the browser's protected environment.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update Firefox and Firefox Focus for Android to version 151 or later, where the sandbox escape issue has been fixed.