CVE-2026-8945
Mozilla · Firefox and Firefox Focus for Android
A sandbox escape vulnerability in Firefox and Firefox Focus for Android allows attackers to bypass security restrictions.
Executive summary
A critical sandbox escape vulnerability in Firefox and Firefox Focus for Android enables attackers to bypass essential security boundaries and gain unauthorized system access.
Vulnerability
This vulnerability is a sandbox escape flaw that permits an attacker to break out of the browser's security container. The exact authentication requirements are unspecified, but such escapes typically involve interacting with malicious web content.
Business impact
Successful exploitation allows an attacker to elevate privileges beyond the restricted sandbox environment, leading to full application compromise or potential access to device data. The CVSS score of 7.5 highlights the high severity, particularly for mobile devices containing sensitive corporate information.
Remediation
Immediate Action: Promptly update the Firefox and Firefox Focus applications via the official Google Play Store or authorized enterprise distribution channels.
Proactive Monitoring: Review mobile device management (MDM) logs for unusual application behavior or unexpected privilege escalation alerts on Android endpoints.
Compensating Controls: Enforce strict mobile security policies and utilize App-level sandboxing or containerization tools where available to isolate corporate data.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Sandbox escapes are critical failures in browser security architecture and should be addressed with the highest urgency. Security teams must ensure all mobile assets are updated to the current secure version to prevent unauthorized access to corporate resources.