CVE-2026-8953 PUBLISHED

Sandbox escape due to use-after-free in the Disability Access APIs component

Assigner: mozilla
Reserved: 19.05.2026 Published: 19.05.2026 Updated: 19.05.2026

Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, and Firefox ESR 140.11.

Product Status

Vendor	Mozilla
Product	Firefox
Versions	unaffected from 115.36 to 115.* (incl.) unaffected from 140.11 to 140.* (incl.) unaffected from 151 to * (incl.)

Credits

stevej

References

https://bugzilla.mozilla.org/show_bug.cgi?id=2029511
https://www.mozilla.org/security/advisories/mfsa2026-46/
https://www.mozilla.org/security/advisories/mfsa2026-47/
https://www.mozilla.org/security/advisories/mfsa2026-48/