CVE-2026-0879
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk40th percentile - higher than 40% of all known CVEs
Summary
A sandbox escape vulnerability exists in the Graphics component of Firefox and Thunderbird due to incorrect boundary conditions. The flaw is fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.
Risk Assessment
An attacker can exploit this vulnerability to break out of the sandbox and gain access to the underlying operating system, leading to full compromise of data confidentiality, integrity, and availability.
Recommendation
Immediately update Firefox and Thunderbird to the patched versions listed in the description (Firefox 147, ESR 115.32/140.7, Thunderbird 147/140.7).
Original NVD description (English source)
Sandbox escape due to incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

