CVE-2026-8958
Analyzed - Analysis Complete
Security Sandbox Escape in Firefox

Publication date: 2026-05-19

Last updated on: 2026-05-20

Assigner: Mozilla Corporation

Description
Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
Meta Information
Published: 2026-05-19
Last Modified: 2026-05-20
Generated: 2026-05-20
AI Q&A: 2026-05-19
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 4 associated CPEs
Vendor | Product | Version / Range
mozilla | firefox | up to 151.0.0 (exclusive)
mozilla | firefox | up to 140.11.0 (exclusive)
mozilla | thunderbird | up to 140.11 (exclusive)
mozilla | thunderbird | up to 151.0.0 (exclusive)
CWE ID Description
CWE-693 The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.
CWE-668 The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability involves information disclosure and sandbox escape within the Security: Process Sandboxing component of Mozilla Firefox. It allows an attacker to potentially bypass the sandbox protections designed to isolate processes, leading to unauthorized access to information.

The issue was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

This vulnerability involves information disclosure and sandbox escape in the Security: Process Sandboxing component of Firefox. Such information disclosure vulnerabilities can potentially lead to unauthorized access to sensitive data, which may impact compliance with data protection regulations like GDPR and HIPAA that require safeguarding personal and sensitive information.

However, the provided information does not specify the exact nature or scope of the data exposed or how it relates to regulated data types under these standards.


How can this vulnerability impact me?

Exploitation of this vulnerability could allow an attacker to escape the sandbox environment, potentially gaining access to sensitive information that should have been protected by the sandbox. This could lead to unauthorized data exposure or further compromise of the system running Firefox.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, update to a release where the issue has been fixed: Firefox 151 or later, Firefox ESR 140.11 or later, Thunderbird 151 or later, or Thunderbird 140.11 or later.

