CVE-2026-2776 PUBLISHED

Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software

Assigner: mozilla
Reserved: 19.02.2026 Published: 24.02.2026 Updated: 24.02.2026

Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, and Firefox ESR < 140.8.

Product Status

Vendor	Mozilla
Product	Firefox
Versions	affected from unspecified to 148 (excl.)

Vendor	Mozilla
Product	Firefox ESR
Versions	affected from unspecified to 115.33 (excl.)

Vendor	Mozilla
Product	Firefox ESR
Versions	affected from unspecified to 140.8 (excl.)

Credits

Sajeeb Lohani

References

https://bugzilla.mozilla.org/show_bug.cgi?id=2015266
https://www.mozilla.org/security/advisories/mfsa2026-13/
https://www.mozilla.org/security/advisories/mfsa2026-14/
https://www.mozilla.org/security/advisories/mfsa2026-15/