CVE Catalog
CVE-2026-2768
CriticalCVSS 10.0Exploitation Probability (EPSS)
Low risk0.37%
28th percentile - higher than 28% of all known CVEs
Summary
A sandbox escape vulnerability exists in the Storage: IndexedDB component. This flaw was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
Risk Assessment
An attacker can exploit this vulnerability to break out of the browser sandbox and gain access to the underlying operating system, potentially leading to full device compromise.
Recommendation
Immediately update Firefox to version 148 or later, Firefox ESR to version 140.8 or later, and Thunderbird to version 148 or 140.8.
Original NVD description (English source)
Sandbox escape in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

