CVE-2026-7321

Published Apr 28, 2026

Last updated 2 hours ago

CVSS critical 9.6

Overview

Description: Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox 150, Thunderbird 150, Firefox ESR 140.10.1, and Thunderbird 140.10.1.
Source: security@mozilla.org
NVD status: Analyzed
Products: firefox, thunderbird

Risk scores

CVSS 3.1

Type: Secondary
Base score: 9.6
Impact score: 6
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-120

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*",
            "matchCriteriaId": "0772C464-37C8-4124-AAFC-66D7C1BEA6DE",
            "versionEndExcluding": "140.10.1",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*",
            "matchCriteriaId": "67B01D49-66FA-4C76-9EB4-2B8CD61FBEB2",
            "versionEndExcluding": "150.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*",
            "matchCriteriaId": "1E82C76E-35A0-4513-A8A8-D20DAF8C7F4B",
            "versionEndExcluding": "140.10.1",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*",
            "matchCriteriaId": "5DDDA58D-2B1E-4956-9CC2-45B3017F3F0B",
            "versionEndExcluding": "150.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References