Description
Sandbox escape in the Responsive Design Mode component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.
Published: 2026-03-24
Score: 9.6 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Patch Immediately
AI Analysis

Impact

This vulnerability permits code to escape the sandbox of the Responsive Design Mode component, allowing an attacker to execute arbitrary code on the host. An attacker can compromise the integrity and confidentiality of the system by injecting and running malicious scripts that bypass the browser or email client’s protected environment. The impact can span from local privilege escalation to full remote code execution depending on the context in which the vulnerable component is used.

Affected Systems

Affected products are Mozilla Firefox and Mozilla Thunderbird. The vulnerability exists in Firefox releases older than version 149, and in Firefox ESR versions older than 115.34 as well as older than 140.9. In Thunderbird the same version thresholds apply: all releases prior to 149 or ESR versions prior to 140.9 are vulnerable.

Risk and Exploitability

The CVSS score is 9.6, indicating critical severity. EPSS is below 1% and the issue is not listed in the CISA KEV catalog, suggesting low current exploit activity, but the potential for abuse remains. Exploitation requires loading malicious web content or email that triggers Responsive Design Mode, so it likely requires a user to visit a crafted site or open a mail attachment. Because the flaw is a sandbox escape, standard browser isolation mechanisms are insufficient, making the attack straightforward once the vulnerable component is activated.

Generated by OpenCVE AI on March 26, 2026 at 14:59 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest update to Mozilla Firefox or Thunderbird that includes the fix for CVE-2026-4692
  • Verify that the installed version is Firefox 149 or newer, Thunderbird 149 or newer, or ESR 115.34+ / 140.9+, to confirm the vulnerability is patched
  • Enable automatic updates for both products to receive security patches promptly
  • As a temporary measure, avoid using Responsive Design Mode until a patch is applied, or disable the feature via developer tools if possible



Advisories

Source      ID          Title
Debian DLA  DLA-4510-1  firefox-esr security update
Debian DLA  DLA-4511-1  thunderbird security update
Debian DSA  DSA-6178-1  firefox-esr security update
Debian DSA  DSA-6179-1  thunderbird security update
History

Mon, 13 Apr 2026 14:30:00 +0000
  Description
    Removed: Sandbox escape in the Responsive Design Mode component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
    Added: Sandbox escape in the Responsive Design Mode component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

Thu, 26 Mar 2026 12:30:00 +0000
  Weaknesses: CWE-285

Thu, 26 Mar 2026 00:15:00 +0000

Wed, 25 Mar 2026 22:00:00 +0000
  Weaknesses: CWE-285

Wed, 25 Mar 2026 15:30:00 +0000
  First Time appeared: Mozilla thunderbird
  Weaknesses: NVD-CWE-noinfo
  CPEs:
    cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*
    cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
    cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*
    cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*
  Vendors & Products: Mozilla thunderbird

Wed, 25 Mar 2026 14:15:00 +0000
  Metrics
    cvssV3_1: {'score': 9.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H'}
    ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 25 Mar 2026 12:00:00 +0000
  First Time appeared: Mozilla, Mozilla firefox, Mozilla firefox Esr
  Vendors & Products: Mozilla, Mozilla firefox, Mozilla firefox Esr

Tue, 24 Mar 2026 20:30:00 +0000
  Description
    Removed: Sandbox escape in the Responsive Design Mode component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9.
    Added: Sandbox escape in the Responsive Design Mode component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9.
  References

Tue, 24 Mar 2026 12:45:00 +0000
  Description: Sandbox escape in the Responsive Design Mode component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9.
  Title: Sandbox escape in the Responsive Design Mode component
  References

MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2026-04-13T13:48:45.652Z

Reserved: 2026-03-23T23:21:46.185Z

Link: CVE-2026-4692

Vulnrichment

Updated: 2026-03-25T14:07:18.424Z

NVD

Status : Modified

Published: 2026-03-24T13:16:05.040

Modified: 2026-04-13T15:17:38.053

Link: CVE-2026-4692

Redhat

Severity : Important

Public Date: 2026-03-24T12:30:24Z

Links: CVE-2026-4692 - Bugzilla

OpenCVE Enrichment

Updated: 2026-03-27T09:21:09Z

Weaknesses