Sandbox Escape Vulnerability in Firefox by Mozilla
CVE-2026-12294

Currently unrated

Key Information:

Vendor: Mozilla
Status: Firefox
Vendor: CVE Published:; 16 June 2026

What is CVE-2026-12294?

A recent vulnerability in Firefox's DOM: Workers component allows for a potential sandbox escape, which can lead to unauthorized access to sensitive information or system resources. This issue has been addressed in Firefox versions 152 and ESR versions 140.12 and 115.37, emphasizing the importance of keeping browser software updated to mitigate security risks. Affected users are advised to promptly update to the latest versions to ensure their devices remain secure.

Affected Version(s)

Firefox 115.37

Firefox 140.12

Firefox 152

References

https://bugzilla.mozilla.org/show_bug.cgi?id=2039873

https://www.mozilla.org/security/advisories/mfsa2026-57/

https://www.mozilla.org/security/advisories/mfsa2026-58/

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 16, 2026
Vulnerability Reserved
Jun 15, 2026

Credit

Quy Pham

CVE-2026-12294 Data

JSON