Sandbox Escape Vulnerability in Firefox Accessibility Features
CVE-2026-8953

9.6CRITICAL

Key Information:

Vendor: Mozilla
Status: Firefox; Thunderbird
Vendor: CVE Published:; 19 May 2026

What is CVE-2026-8953?

A critical vulnerability has been identified in the Disability Access APIs of Firefox, which allows a sandbox escape via a use-after-free condition. This vulnerability can lead to unintended access to system resources, potentially compromising user security and privacy. The issue affects specific versions of Firefox, including Firefox 151 and Firefox ESR 115.36, and Firefox ESR 140.11. Updates have been released to mitigate the risks associated with this vulnerability, allowing users to enhance their browser security.

Affected Version(s)

Firefox 115.36

Firefox 140.11

Firefox 151

References

https://bugzilla.mozilla.org/show_bug.cgi?id=2029511

https://www.mozilla.org/security/advisories/mfsa2026-46/

https://www.mozilla.org/security/advisories/mfsa2026-47/

CVSS V3.1

Score:

9.6

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 19, 2026
Vulnerability Reserved
May 19, 2026

Credit

stevej

CVE-2026-8953 Data

JSON

Mozilla

What is CVE-2026-8953?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit