4.7
CVE-2026-12311
- EPSS 0.19%
- Veröffentlicht 16.06.2026 11:52:44
- Zuletzt bearbeitet 16.06.2026 20:45:26
- Quelle security@mozilla.org
- CVE-Watchlists
- Unerledigt
Information disclosure, sandbox escape in the Security: Process Sandboxing component
Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mozilla ≫ Thunderbird SwEdition- Version < 152.0.0
Mozilla ≫ Thunderbird SwEditionesr Version >= 140.0 < 140.12.0
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.19% | 0.082 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 4.7 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-688 Function Call With Incorrect Variable or Reference as Argument
The product calls a function, procedure, or routine, but the caller specifies the wrong variable or reference as one of the arguments, which may lead to undefined behavior and resultant weaknesses.
https://www.mozilla.org/security/advisories/mfsa2026-57/
https://www.mozilla.org/security/advisories/mfsa2026-58/
https://bugzilla.mozilla.org/show_bug.cgi?id=2040177
https://www.mozilla.org/security/advisories/mfsa2026-60/
https://www.mozilla.org/security/advisories/mfsa2026-61/