CVE-2026-4692 Sandbox escape in the Responsive Design Mode component

🗓️ 24 Mar 2026 12:30:24Reported by mozillaType

Sandbox escape in the Responsive Design Mode component affects Firefox below 149 and ESR below 115.34.

Reporter	Title	Published	Views	Family All 292
FreeBSD	Mozilla -- Multiple vulnerabilities	24 Mar 202600:00	–	freebsd
ATTACKERKB	CVE-2026-4692	24 Mar 202612:30	–	attackerkb
Tenable Nessus	Amazon Linux 2023 : firefox (ALAS2023-2026-1554)	13 Apr 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2 : thunderbird, --advisory ALAS2-2026-3241 (ALAS-2026-3241)	14 Apr 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2 : firefox, --advisory ALAS2FIREFOX-2026-056 (ALASFIREFOX-2026-056)	14 Apr 202600:00	–	nessus
Tenable Nessus	AlmaLinux 9 : firefox (ALSA-2026:5930)	30 Mar 202600:00	–	nessus
Tenable Nessus	AlmaLinux 10 : firefox (ALSA-2026:5931)	30 Mar 202600:00	–	nessus
Tenable Nessus	AlmaLinux 8 : firefox (ALSA-2026:5932)	30 Mar 202600:00	–	nessus
Tenable Nessus	AlmaLinux 9 : thunderbird (ALSA-2026:6188)	3 Apr 202600:00	–	nessus
Tenable Nessus	AlmaLinux 10 : thunderbird (ALSA-2026:6342)	1 Apr 202600:00	–	nessus

[
  {
    "product": "Firefox",
    "vendor": "Mozilla",
    "versions": [
      {
        "status": "unaffected",
        "version": "115.34",
        "lessThanOrEqual": "115.*",
        "versionType": "rpm"
      },
      {
        "status": "unaffected",
        "version": "140.9",
        "lessThanOrEqual": "140.*",
        "versionType": "rpm"
      },
      {
        "status": "unaffected",
        "version": "149",
        "lessThanOrEqual": "*",
        "versionType": "rpm"
      }
    ]
  },
  {
    "product": "Thunderbird",
    "vendor": "Mozilla",
    "versions": [
      {
        "status": "unaffected",
        "version": "140.9",
        "lessThanOrEqual": "140.*",
        "versionType": "rpm"
      },
      {
        "status": "unaffected",
        "version": "149",
        "lessThanOrEqual": "*",
        "versionType": "rpm"
      }
    ]
  }
]

Source	Link
mozilla	www.mozilla.org/security/advisories/mfsa2026-23/
mozilla	www.mozilla.org/security/advisories/mfsa2026-22/
bugzilla	www.bugzilla.mozilla.org/show_bug.cgi
mozilla	www.mozilla.org/security/advisories/mfsa2026-21/
mozilla	www.mozilla.org/security/advisories/mfsa2026-20/
mozilla	www.mozilla.org/security/advisories/mfsa2026-24/

13 Apr 2026 13:48Current

EPSS0.00032