Mozilla Firefox and Thunderbird Use-After-Free Vulnerability (CVE-2026-4688)
A use-after-free vulnerability in the Disability Access APIs component of Mozilla Firefox and Thunderbird (CVE-2026-4688) allows for sandbox escape, potentially leading to arbitrary code execution outside the sandbox.
CVE-2026-4688 is a critical use-after-free vulnerability residing within the Disability Access APIs component of Mozilla Firefox and Thunderbird. Discovered and reported by Mozilla, this flaw allows for a sandbox escape, meaning an attacker could potentially execute arbitrary code outside the security sandbox normally imposed by the browser or email client. This vulnerability affects Firefox versions prior to 149, Firefox ESR (Extended Support Release) versions prior to 140.9, Thunderbird…
Detection coverage 2
Detect Firefox Crash with specific crash signature (Use-After-Free in Disability Access APIs)
highDetects Firefox crashes potentially related to the CVE-2026-4688 vulnerability based on crash signatures.
Detect Thunderbird Crash with specific crash signature (Use-After-Free in Disability Access APIs)
highDetects Thunderbird crashes potentially related to the CVE-2026-4688 vulnerability based on crash signatures.
Detection queries are kept inside the platform. Get full rules →