CVE Catalog
CVE-2026-8401
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk0.31%
23th percentile — higher than 23% of all known CVEs
Summary
A sandbox escape vulnerability exists in the Profile Backup component of Firefox and Thunderbird. It is fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11.
Risk Assessment
An attacker could exploit this flaw to break out of the sandbox, potentially accessing sensitive data or escalating privileges on the host system.
Recommendation
Immediately update Firefox to version 150.0.3 or later, Firefox ESR to 115.36/140.11, and Thunderbird to 140.11.
Original NVD description (English source)
Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11.

