CVE Catalog

CVE-2026-8959

Critical
Published: Translated: NVD NIST

Summary

CVE-2026-8959 is a vulnerability due to incorrect boundary conditions in the Widget: Win32 component, allowing for sandbox escape. It has been fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

Risk Assessment

Allowing attackers to escape the sandbox may lead to unauthorized access to the system and user data. This poses a serious security threat to the organization.

Recommendation

It is recommended to update to the latest versions of Firefox and Thunderbird to mitigate this vulnerability. Regular software updates are crucial for maintaining security.

Original NVD description (English source)

Sandbox escape due to incorrect boundary conditions in the Widget: Win32 component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS