Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11.
| Version | Base score | Base severity | Vector |
|---|---|---|---|
| 3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape in the Profile Backup component.

| Version | Base score | Base severity | Vector |
|---|---|---|---|
| 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
RHSA-2026:26551: Red Hat Enterprise Linux Server (v. 7 ELS)
RHSA-2026:27715: Red Hat Enterprise Linux AppStream EUS (v. 10.0)
RHSA-2026:26539: Red Hat Enterprise Linux AppStream EUS (v. 10.0)
RHSA-2026:21380: Red Hat Enterprise Linux AppStream (v. 10)
RHSA-2026:22325: Red Hat Enterprise Linux AppStream (v. 10)
RHSA-2026:21382: Red Hat Enterprise Linux AppStream (v. 8)
RHSA-2026:22643: Red Hat Enterprise Linux AppStream (v. 8)
RHSA-2026:26629: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)
RHSA-2026:26270: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)
RHSA-2026:26606: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)
RHSA-2026:26536: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)
RHSA-2026:26630: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)
RHSA-2026:26268: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)
RHSA-2026:26491: Red Hat Enterprise Linux AppStream E4S (v.9.2)
RHSA-2026:26269: Red Hat Enterprise Linux AppStream E4S (v.9.2)
RHSA-2026:26493: Red Hat Enterprise Linux AppStream E4S (v.9.4)
RHSA-2026:26174: Red Hat Enterprise Linux AppStream E4S (v.9.4)
RHSA-2026:26492: Red Hat Enterprise Linux AppStream EUS (v.9.6)
RHSA-2026:26521: Red Hat Enterprise Linux AppStream EUS (v.9.6)
RHSA-2026:21378: Red Hat Enterprise Linux AppStream (v. 9)
RHSA-2026:21381: Red Hat Enterprise Linux AppStream (v. 9)
| Event | Date |
|---|---|
| Reported to Red Hat. | 2026-05-12 15:01:19 |
| Made public. | 2026-05-12 14:24:33 |