CVE-2026-12294: firefox: thunderbird: Sandbox escape in the DOM: Workers component

Severity: Critical

CVSS Score: 9.6

Sandbox escape in the DOM: Workers component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.