Sandbox escape due to incorrect boundary conditions in the Networking...

9.6 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Description

Sandbox escape due to incorrect boundary conditions in the Networking component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.

Basic Information

ID CVE-2026-12297

Source mozilla

Published Jun 16, 2026 at 11:52

Modified Jun 18, 2026 at 16:10

Affected Product

Vendor Mozilla

Product Firefox

Version 115.37

CWE Classification

CWE-119

References

{
    "lastseen": "",
    "description": "Sandbox escape due to incorrect boundary conditions in the Networking component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.",
    "published": "2026-06-16T11:52:30.907Z",
    "modified": "2026-06-18T16:10:54.170Z",
    "type": "cve",
    "title": "Sandbox escape due to incorrect boundary conditions in the Networking component",
    "source": "mozilla",
    "references": "https://bugzilla.mozilla.org/show_bug.cgi?id=2041610\nhttps://www.mozilla.org/security/advisories/mfsa2026-57/\nhttps://www.mozilla.org/security/advisories/mfsa2026-58/\nhttps://www.mozilla.org/security/advisories/mfsa2026-59/\nhttps://www.mozilla.org/security/advisories/mfsa2026-60/\nhttps://www.mozilla.org/security/advisories/mfsa2026-61/",
    "id": "CVE-2026-12297",
    "bulletinFamily": "",
    "cwe": [
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "",
    "sourceHref": "",
    "cvss": {
        "score": 9.6,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Firefox",
    "version": "115.37",
    "vendor": "Mozilla",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Sandbox escape due to incorrect boundary conditions in the Networking component_CVE-2026-12297