CVE Catalog

CVE-2026-0879

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.53%

40th percentile - higher than 40% of all known CVEs

Summary

A sandbox escape vulnerability exists in the Graphics component of Firefox and Thunderbird due to incorrect boundary conditions. The flaw is fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

Risk Assessment

An attacker can exploit this vulnerability to break out of the sandbox and gain access to the underlying operating system, leading to full compromise of data confidentiality, integrity, and availability.

Recommendation

Immediately update Firefox and Thunderbird to the patched versions listed in the description (Firefox 147, ESR 115.32/140.7, Thunderbird 147/140.7).

Original NVD description (English source)

Sandbox escape due to incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS