Sandbox Escape Vulnerability in Firefox by Mozilla
CVE-2026-12294

9.6CRITICAL

Key Information:

Vendor

Mozilla

Vendor
CVE Published:
16 June 2026

What is CVE-2026-12294?

A recent vulnerability in Firefox's DOM: Workers component allows for a potential sandbox escape, which can lead to unauthorized access to sensitive information or system resources. This issue has been addressed in Firefox versions 152 and ESR versions 140.12 and 115.37, emphasizing the importance of keeping browser software updated to mitigate security risks. Affected users are advised to promptly update to the latest versions to ensure their devices remain secure.

Affected Version(s)

Firefox 115.37

Firefox 140.12

Firefox 152

References

CVSS V3.1

Score:
9.6
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Quy Pham
.