Description
Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox 150, Thunderbird 150, Firefox ESR 140.10.1, and Thunderbird 140.10.1.
Published: 2026-04-28
Score: 9.6 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The updated description details a sandbox escape caused by incorrect boundary conditions in the WebRTC networking component. This flaw allows an attacker to bypass the isolation provided by the browser’s sandbox, potentially executing code or accessing memory locations beyond the intended boundaries. The vulnerability affects the WebRTC stack, which may become a vector for arbitrary code execution once exploited. The fix is included in Firefox 150, Thunderbird 150, and the ESR 140.10.1 builds.

Affected Systems

Mozilla Firefox, all releases prior to version 150, and Mozilla Thunderbird, all releases prior to version 150, are affected. The ESR 140.10.1 build (and the corresponding Thunderbird 140.10.1 build) are fixed and do not contain the flaw. Any system running an affected build with WebRTC enabled is potentially vulnerable, while users on other browsers are not impacted.

Risk and Exploitability

The CVSS score of 9.6 denotes a very high severity risk. The EPSS score of 0.00045 indicates a very low probability of exploitation, though still non‑zero, and the vulnerability is not listed in CISA's KEV catalog. Attackers could exploit this sandbox escape by sending malicious WebRTC traffic to a vulnerable browser with the component enabled, which could lead to arbitrary code execution within the browser context. The likely attack vector is inferred from the description, as it is not explicitly stated in the input.

Generated by OpenCVE AI on May 12, 2026 at 01:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Firefox to ESR 140.10.1 or later to receive the vendor’s fix.
  • Update Thunderbird to version 150 or later to receive the vendor’s fix.
  • If an update cannot be applied immediately, disable WebRTC by altering the about:config setting "media.peerconnection.enabled" to false to block the component that contains the flaw.
  • Continue to monitor Mozilla security advisories for additional patches or guidance.

Generated by OpenCVE AI on May 12, 2026 at 01:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4555-1 firefox-esr security update
Debian DLA Debian DLA DLA-4562-1 thunderbird security update
Debian DSA Debian DSA DSA-6236-1 firefox-esr security update
Debian DSA Debian DSA DSA-6242-1 thunderbird security update
History

Tue, 12 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-501
References
Metrics threat_severity

None

 threat_severity

Moderate

Fri, 01 May 2026 18:00:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla thunderbird
CPEs cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*
Vendors & Products Mozilla thunderbird

Thu, 30 Apr 2026 18:00:00 +0000

Type Values Removed Values Added
Description Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox 150, Thunderbird 150, and Firefox ESR 140.10.1. Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox 150, Thunderbird 150, Firefox ESR 140.10.1, and Thunderbird 140.10.1.
References

Wed, 29 Apr 2026 06:00:00 +0000

Type Values Removed Values Added
Description Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox ESR 140.10.1. Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox 150, Thunderbird 150, and Firefox ESR 140.10.1.
References

Tue, 28 Apr 2026 15:45:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla
Mozilla firefox
Vendors & Products Mozilla
Mozilla firefox

Tue, 28 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-120
Metrics cvssV3_1

{'score': 9.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 28 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
Description Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox ESR 140.10.1.
Title Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component
References

Subscriptions

Mozilla Firefox Thunderbird
cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2026-04-30T17:19:49.963Z

Reserved: 2026-04-28T13:42:16.846Z

Link: CVE-2026-7321

cve-icon Vulnrichment

Updated: 2026-04-28T14:48:26.139Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-28T15:16:37.550

Modified: 2026-05-01T17:54:04.827

Link: CVE-2026-7321

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-04-28T13:49:12Z

Links: CVE-2026-7321 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-12T02:00:05Z

Weaknesses