CVE-2026-7321PATCHED

mozilla · firefox esr

Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component

Description

Sandbox escape due to incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox 150, Thunderbird 150, and Firefox ESR 140.10.1.

Affected Products

Vendor	Product	Versions
mozilla	firefox esr	—

References

Related News (1 articles)

Tier C

VulDB20h ago

CVE-2026-7321 | Mozilla Firefox ESR up to 140.10.0 WebRTC sandbox

→ No new info (linked only)

CVSS 3.19.6 CRITICAL

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited❌ No

Patch available

140.10.1

PublishedApr 28, 2026

Last enriched20h agov2

Trending Score32

Source articles1

Independent1

Info Completeness8/14

Missing: epss, cwe, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-7324EXP

Memory safety bugs fixed in Firefox 150.0.1 and Thunderbird 150.0.1

Trending: 75

HIGHCVE-2026-7320EXP

Information disclosure due to incorrect boundary conditions in the Audio/Video component

Trending: 67

HIGHCVE-2026-7322EXP

Memory safety bugs fixed in Firefox ESR 115.35.1, Firefox ESR 140.10.1, Thunderbird ESR 140.10.1, Firefox 150.0.1 and Thunderbird 150.0.1

Trending: 58

HIGHCVE-2026-7323

Memory safety bugs fixed in Firefox ESR 140.10.1, Thunderbird ESR 140.10.1, Firefox 150.0.1 and Thunderbird 150.0.1

Trending: 39

CRITICALCVE-2026-6768EXP

Mitigation bypass in the Networking: Cookies component

Trending: 26

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 28, 2026

Discovered by ZDM

Apr 28, 2026

Updated: affectedVersions

Apr 28, 2026

Patch Available

Apr 29, 2026

Version History

Last enriched 20h ago

v2Tier C20h ago

Updated affected versions to include 140.10.0 and corrected exploit availability to false.

affectedVersions

via VulDB

v123h ago

Initial creation