CVE-2026-4692: Sandbox escape in the Responsive Design Mode component

Q: What is the severity of CVE-2026-4692?

The severity of CVE-2026-4692 is critical with a CVSS score of 10.

Q: How do I fix CVE-2026-4692?

To fix CVE-2026-4692, update to Firefox version 149, Firefox ESR version 115.34, Firefox ESR 140.9, or Thunderbird 149.

Q: Which software is affected by CVE-2026-4692?

CVE-2026-4692 affects Mozilla Firefox versions below 149, Firefox ESR versions below 115.34, and Thunderbird versions below 149.

Q: What is the nature of the vulnerability in CVE-2026-4692?

CVE-2026-4692 is a sandbox escape vulnerability in the Responsive Design Mode component.

Q: When was CVE-2026-4692 published?

CVE-2026-4692 was published on March 24, 2026.

Published Mar 24, 2026

Updated

Sandbox escape in the Responsive Design Mode component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9.

Other sources

Sandbox escape in the Responsive Design Mode component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9.

— MITRE

Affected Software

12 affected componentsFixes available

Mozilla Firefox<149

Mozilla Firefox ESR<115.34, <140.9

Mozilla Firefox<149

149

Mozilla Firefox ESR<115.34

115.34

Mozilla Firefox ESR<140.9

140.9

Mozilla Thunderbird<140.9

140.9

Mozilla Thunderbird<149

149

Mozilla Firefox<115.34.0

Mozilla Firefox<149.0

Mozilla Firefox>=128.0<140.9.0

Mozilla Thunderbird<140.9.0

Mozilla Thunderbird<149.0

Event History

Mar 24, 2026

CVE Published

via Mozilla·12:00 AM

Data Sourced

via Mozilla·12:00 AM

DescriptionSeverityAffected Software

Updated

via Mozilla·12:00 AM

Affected Software

CVE Published

via MITRE·12:30 PM

Data Sourced

via MITRE·12:30 PM

Description

Data Sourced

via Red Hat·01:03 PM

DescriptionSeverityAffected Software

Data Sourced

via NVD·01:16 PM

DescriptionSeverityAffected Software

Apr 7, 58249

Event

via FIRST·08:42 AM

Parent advisories

This vulnerability appears in the following advisories.

Frequently Asked Questions

What is the severity of CVE-2026-4692?

The severity of CVE-2026-4692 is critical with a CVSS score of 10.

How do I fix CVE-2026-4692?

To fix CVE-2026-4692, update to Firefox version 149, Firefox ESR version 115.34, Firefox ESR 140.9, or Thunderbird 149.

Which software is affected by CVE-2026-4692?

CVE-2026-4692 affects Mozilla Firefox versions below 149, Firefox ESR versions below 115.34, and Thunderbird versions below 149.

What is the nature of the vulnerability in CVE-2026-4692?

CVE-2026-4692 is a sandbox escape vulnerability in the Responsive Design Mode component.

When was CVE-2026-4692 published?

CVE-2026-4692 was published on March 24, 2026.

CVE-2026-4692: Sandbox escape in the Responsive Design Mode component

Other sources

Affected Software

Event History

Parent advisories

Peer vulnerabilities

Don't miss critical vulnerabilities

Frequently Asked Questions

What is the severity of CVE-2026-4692?

How do I fix CVE-2026-4692?

Which software is affected by CVE-2026-4692?

What is the nature of the vulnerability in CVE-2026-4692?

When was CVE-2026-4692 published?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2026-4692?

How do I fix CVE-2026-4692?

Which software is affected by CVE-2026-4692?

What is the nature of the vulnerability in CVE-2026-4692?

When was CVE-2026-4692 published?