Mozilla Firefox and Thunderbird Sandbox Escape Vulnerability

Technical Severity

CRITICAL

10 / 10

Minimal Risk Critical

Vector Specification

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Exploitation Likelihood

68.88 %

Predictive Probability

Percentile Rank

98.6 th

Documented as more likely to be exploited than 98.6% of known CVEs.

Detection Date

May 23, 2022

Remediation Due

Jun 13, 2022

CISA Catalog Active

Threat Analysis

Mozilla Firefox and Thunderbird contain a sandbox escape vulnerability that could result in remote code execution.

Apply updates per vendor instructions.

Vendor Identity

Mozilla

Affected Product

Firefox and Thunderbird

Ransomware Status

Campaign Use Unknown

Weakness Classification

CWE-20

National Vulnerability Database

https://nvd.nist.gov/vuln/detail/CVE-2019-11708