Sandbox Escape in Firefox: Mozilla Vulnerability Alert
CVE-2026-8959

9.6CRITICAL

Key Information:

Vendor: Mozilla
Status: Firefox; Thunderbird
Vendor: CVE Published:; 19 May 2026

What is CVE-2026-8959?

A vulnerability has been identified in Mozilla Firefox due to incorrect boundary conditions in the Widget: Win32 component, allowing for potential sandbox escape. This flaw primarily impacts versions prior to Firefox 151 and Firefox ESR 140.11, making it crucial for users to update their browsers to maintain security and protect against unauthorized access. Mozilla has addressed this vulnerability through patches in the latest versions. Ensure your system is running the most up-to-date software to mitigate risks.

Affected Version(s)

Firefox 140.11

Firefox 151

Thunderbird 140.11

References

https://bugzilla.mozilla.org/show_bug.cgi?id=2034754

https://www.mozilla.org/security/advisories/mfsa2026-46/

https://www.mozilla.org/security/advisories/mfsa2026-48/

CVSS V3.1

Score:

9.6

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 19, 2026
Vulnerability Reserved
May 19, 2026

Credit

Ameen Basha M K

CVE-2026-8959 Data

JSON