#VU124294 Integer overflow in Mozilla products - CVE-2026-4689
Published: March 24, 2026
Vulnerability identifier: #VU124294
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2026-4689
CWE-ID: CWE-190
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Mozilla Firefox
Firefox ESR
Firefox for Android
Mozilla Firefox
Firefox ESR
Firefox for Android
Software vendor:
Mozilla
Mozilla
Description
The vulnerability allows a remote attacker to escape the sandbox.
The vulnerability exists due to incorrect boundary conditions, integer overflow in the XPCOM component when processing data. A remote attacker can trick the victim into visiting a specially crafted website and escape the sandbox.
Exploitation could lead to sandbox escape and arbitrary code execution in the context of the underlying operating system.
Remediation
Install security update from vendor's website.