Sandbox Escape Vulnerability in Firefox Profile Backup Component
CVE-2026-8401

Currently unrated

Key Information:

Vendor: Mozilla
Status: Firefox
Vendor: CVE Published:; 12 May 2026

What is CVE-2026-8401?

A vulnerability has been identified in the Profile Backup component of Firefox, allowing an attacker to escape the restricted environment of the browser. This sandbox escape could enable malicious actors to gain unauthorized access to sensitive data or perform unintended actions within a user’s system. The vulnerability has been addressed in Firefox version 150.0.3, which mitigates the risk associated with this issue. Users are encouraged to update to the latest version to ensure their protection against potential exploits.

Affected Version(s)

Firefox 150.0.3

References

https://bugzilla.mozilla.org/show_bug.cgi?id=2038679

https://www.mozilla.org/security/advisories/mfsa2026-45/

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2026
Vulnerability Reserved
May 12, 2026

Credit

Andrew McCreight

CVE-2026-8401 Data

JSON

Mozilla

What is CVE-2026-8401?

Affected Version(s)

References

Timeline

Credit