CVE-2026-0879
CRITICALFirefox < 115.32.0, 140.7-140.*, <147.0, >=147 - Sandbox Escape via Graphics Component Boundary Condition
Title source: llmDescription
Sandbox escape due to incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.
References (32)
Core 32
Core References
Permissions Required
https://bugzilla.mozilla.org/show_bug.cgi?id=2004602
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2026-01/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2026-02/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2026-03/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2026-04/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2026-05/
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:0667
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:0694
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:0924
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:1320
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:1413
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:1414
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:1415
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:1461
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:1462
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:1471
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:1487
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:2041
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:2043
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:2044
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:2047
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:2069
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:2070
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:2073
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:2074
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:2220
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:2231
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:2271
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:2286
Vendor Advisory
https://access.redhat.com/security/cve/CVE-2026-0879
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2428973
Scores
CVSS v3
9.8
EPSS
0.0053
EPSS Percentile
40.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-119
Status
published
Products (9)
mozilla/firefox
< 115.32.0
mozilla/firefox
< 147.0
Mozilla/Firefox
115.32 - 115.*
Mozilla/Firefox
140.7 - 140.*
Mozilla/Firefox
147
mozilla/thunderbird
< 140.7.0
mozilla/thunderbird
< 147.0
Mozilla/Thunderbird
140.7 - 140.*
Mozilla/Thunderbird
147
Published
Jan 13, 2026
Tracked Since
Feb 18, 2026