Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.
https://www.mozilla.org/security/advisories/mfsa2026-05/
https://www.mozilla.org/security/advisories/mfsa2026-04/
https://www.mozilla.org/security/advisories/mfsa2026-03/
https://www.mozilla.org/security/advisories/mfsa2026-01/
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0878.json
https://bugzilla.redhat.com/show_bug.cgi?id=2428965
https://bugzilla.mozilla.org/show_bug.cgi?id=2003989
https://access.redhat.com/security/cve/CVE-2026-0878
https://access.redhat.com/errata/RHSA-2026:2286
https://access.redhat.com/errata/RHSA-2026:2271
https://access.redhat.com/errata/RHSA-2026:2231
https://access.redhat.com/errata/RHSA-2026:2220
https://access.redhat.com/errata/RHSA-2026:2074
https://access.redhat.com/errata/RHSA-2026:2073
https://access.redhat.com/errata/RHSA-2026:2070
https://access.redhat.com/errata/RHSA-2026:2069
https://access.redhat.com/errata/RHSA-2026:2047
https://access.redhat.com/errata/RHSA-2026:2044
https://access.redhat.com/errata/RHSA-2026:2043
https://access.redhat.com/errata/RHSA-2026:2041
https://access.redhat.com/errata/RHSA-2026:1487
https://access.redhat.com/errata/RHSA-2026:1471
https://access.redhat.com/errata/RHSA-2026:1462
https://access.redhat.com/errata/RHSA-2026:1461
https://access.redhat.com/errata/RHSA-2026:1415
https://access.redhat.com/errata/RHSA-2026:1414
https://access.redhat.com/errata/RHSA-2026:1413
https://access.redhat.com/errata/RHSA-2026:1320
https://access.redhat.com/errata/RHSA-2026:0924