CVE-2026-4687 — HIGH (8.6) — White Hats Nepal

Q: How severe is CVE-2026-4687?

CVE-2026-4687 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2026-4687?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox.

Vulnerability Description

Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

CVSS Score

8.6

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Mozilla	Firefox	< 115.34.0

Related Weaknesses (CWE)

CWE-754 CWE-120

References

https://bugzilla.mozilla.org/show_bug.cgi?id=2016368Permissions Required
https://www.mozilla.org/security/advisories/mfsa2026-20/Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2026-21/Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2026-22/Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2026-23/
https://www.mozilla.org/security/advisories/mfsa2026-24/

FAQ

What is CVE-2026-4687?

CVE-2026-4687 is a vulnerability with a CVSS score of 8.6 (HIGH). Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140...

How severe is CVE-2026-4687?

CVE-2026-4687 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-4687?

Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox.