critical advisory March 24, 2026

Firefox and Thunderbird Sandbox Escape Vulnerability (CVE-2026-4687)

CVE-2026-4687 is a sandbox escape vulnerability in Firefox and Thunderbird due to incorrect boundary conditions in the Telemetry component, potentially allowing an attacker to execute arbitrary code outside the sandbox.

CVE-2026-4687 is a critical sandbox escape vulnerability affecting Mozilla Firefox and Thunderbird. The vulnerability stems from incorrect boundary conditions within the Telemetry component. Specifically, Firefox versions prior to 149, Firefox ESR versions prior to 115.34 and 140.9, and Thunderbird versions prior to 149 and 140.9 are affected. Successful exploitation could allow an attacker to bypass the intended security restrictions of the sandbox environment and potentially execute arbitrary…

Detection coverage 2

Detect Firefox/Thunderbird Telemetry Sandbox Escape Attempt

critical

Detects potential exploitation attempts of CVE-2026-4687 by monitoring for unusual process behavior originating from Firefox or Thunderbird related to telemetry.

sigma tactics: defense_evasion, privilege_escalation techniques: T1068 sources: process_creation, windows

Detect Firefox/Thunderbird Unusual Network Connection via Telemetry

high

Detects potential exploitation attempts of CVE-2026-4687 by monitoring for unusual network connections originating from Firefox or Thunderbird related to telemetry.

sigma tactics: command_and_control techniques: T1071.001 sources: network_connection, windows

Detection queries are kept inside the platform. Get full rules →