VDB
DEBIAN-CVE-2026-7321
DEBIAN-CVE-2026-7321
PUBLISHED
CVSS 9.600000381469727 CRITICAL
Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox 150, Thunderbird 150, Firefox ESR 140.10.1, and Thunderbird 140.10.1.
Risk Scores
CVSS v3.1
9.600000381469727
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | firefox-esr | 115.3.1, 91.9.1, 91.9.1 |
| Debian:14 | thunderbird | 0, 140.9.1, 140.9.1 |
| Debian:13 | thunderbird | 140.8.0, 0, 128.13.0 |
| Debian:13 | firefox-esr | *, 0, 140.5.0esr-1~deb11u1 |
| Debian:12 | firefox-esr | 140.9.1, 0, 102.11.0esr-1 |
| Debian:11 | thunderbird | 115.8.0-1, 91.7.0-2, 91.7.0-2 |
| Debian:12 | thunderbird | 122.0, 140.3.1, 140.3.0 |
| Debian:14 | firefox-esr | 140.7.0esr-1, 140.7.0esr-1~deb11u1, 140.7.0esr-1~deb13u1 |
Timeline
- Apr 28, 2026 CVE Published
- May 6, 2026 CVE Updated