{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"CRITICAL" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"A sandbox escape vulnerability exists in the Profile Backup component of Mozilla Firefox. This vulnerability affects Firefox versions up to 150.0.2 and was fixed in version 150.0.3. An attacker could potentially exploit this vulnerability to bypass sandbox protections, impacting the confidentiality, integrity, and availability of the system.", "category":"general", "title":"Synopsis" } ], "publisher":null, "references":[ { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-8401" }, { "summary":"CVE-2026-8401 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/cve/2026/csaf-openeuler-cve-2026-8401.json" }, { "summary":"openEuler-SA-2026-2394", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2394" }, { "summary":"CVE-2026-8401", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-8401&packageName=firefox" } ], "title":"openEuler cve CVE-2026-8401", "tracking":{ "initial_release_date":"2026-05-25T10:42:43+08:00", "revision_history":[ { "date":"2026-05-25T10:42:43+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2026-05-25T10:42:43+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2026-05-25T10:42:43+08:00", "id":"CVE-2026-8401", "version":"1.0.0", "status":"interim" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"openEuler-24.03-LTS", "name":"openEuler-24.03-LTS" }, "name":"openEuler-24.03-LTS", "category":"product_version" } ], "category":"product_name" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"firefox-140.11.0-1.oe2403.aarch64.rpm", "name":"firefox-140.11.0-1.oe2403.aarch64.rpm" }, "name":"firefox-140.11.0-1.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"firefox-debuginfo-140.11.0-1.oe2403.aarch64.rpm", "name":"firefox-debuginfo-140.11.0-1.oe2403.aarch64.rpm" }, "name":"firefox-debuginfo-140.11.0-1.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"firefox-debugsource-140.11.0-1.oe2403.aarch64.rpm", "name":"firefox-debugsource-140.11.0-1.oe2403.aarch64.rpm" }, "name":"firefox-debugsource-140.11.0-1.oe2403.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"firefox-140.11.0-1.oe2403.src.rpm", "name":"firefox-140.11.0-1.oe2403.src.rpm" }, "name":"firefox-140.11.0-1.oe2403.src.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"firefox-140.11.0-1.oe2403.x86_64.rpm", "name":"firefox-140.11.0-1.oe2403.x86_64.rpm" }, "name":"firefox-140.11.0-1.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"firefox-debuginfo-140.11.0-1.oe2403.x86_64.rpm", "name":"firefox-debuginfo-140.11.0-1.oe2403.x86_64.rpm" }, "name":"firefox-debuginfo-140.11.0-1.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"firefox-debugsource-140.11.0-1.oe2403.x86_64.rpm", "name":"firefox-debugsource-140.11.0-1.oe2403.x86_64.rpm" }, "name":"firefox-debugsource-140.11.0-1.oe2403.x86_64.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"firefox-140.11.0-1.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:firefox-140.11.0-1.oe2403.aarch64", "name":"firefox-140.11.0-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"firefox-debuginfo-140.11.0-1.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:firefox-debuginfo-140.11.0-1.oe2403.aarch64", "name":"firefox-debuginfo-140.11.0-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"firefox-debugsource-140.11.0-1.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:firefox-debugsource-140.11.0-1.oe2403.aarch64", "name":"firefox-debugsource-140.11.0-1.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"firefox-140.11.0-1.oe2403.src.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:firefox-140.11.0-1.oe2403.src", "name":"firefox-140.11.0-1.oe2403.src as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"firefox-140.11.0-1.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:firefox-140.11.0-1.oe2403.x86_64", "name":"firefox-140.11.0-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"firefox-debuginfo-140.11.0-1.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:firefox-debuginfo-140.11.0-1.oe2403.x86_64", "name":"firefox-debuginfo-140.11.0-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"firefox-debugsource-140.11.0-1.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:firefox-debugsource-140.11.0-1.oe2403.x86_64", "name":"firefox-debugsource-140.11.0-1.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2026-8401", "notes":[ { "text":"A sandbox escape vulnerability exists in the Profile Backup component of Mozilla Firefox. This vulnerability affects Firefox versions up to 150.0.2 and was fixed in version 150.0.3. An attacker could potentially exploit this vulnerability to bypass sandbox protections, impacting the confidentiality, integrity, and availability of the system.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":{ "$ref":"$.vulnerabilities[0].product_status.fixed" } }, "remediations":[ { "product_ids":{ "$ref":"$.vulnerabilities[0].product_status.fixed" }, "details":"firefox security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2394" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"CRITICAL", "baseScore":9.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":{ "$ref":"$.vulnerabilities[0].product_status.fixed" } } ], "threats":[ { "details":"Critical", "category":"impact" } ], "title":"CVE-2026-8401" } ] }