CVE-2026-0879

high

Description

Sandbox escape due to incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

References

https://www.mozilla.org/security/advisories/mfsa2026-05/

https://www.mozilla.org/security/advisories/mfsa2026-04/

https://www.mozilla.org/security/advisories/mfsa2026-03/

https://www.mozilla.org/security/advisories/mfsa2026-02/

https://www.mozilla.org/security/advisories/mfsa2026-01/

https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0879.json

https://bugzilla.redhat.com/show_bug.cgi?id=2428973

https://bugzilla.mozilla.org/show_bug.cgi?id=2004602

https://access.redhat.com/security/cve/CVE-2026-0879

https://access.redhat.com/errata/RHSA-2026:2286

https://access.redhat.com/errata/RHSA-2026:2271

https://access.redhat.com/errata/RHSA-2026:2231

https://access.redhat.com/errata/RHSA-2026:2220

https://access.redhat.com/errata/RHSA-2026:2074

https://access.redhat.com/errata/RHSA-2026:2073

https://access.redhat.com/errata/RHSA-2026:2070

https://access.redhat.com/errata/RHSA-2026:2069

https://access.redhat.com/errata/RHSA-2026:2047

https://access.redhat.com/errata/RHSA-2026:2044

https://access.redhat.com/errata/RHSA-2026:2043

https://access.redhat.com/errata/RHSA-2026:2041

https://access.redhat.com/errata/RHSA-2026:1487

https://access.redhat.com/errata/RHSA-2026:1471

https://access.redhat.com/errata/RHSA-2026:1462

https://access.redhat.com/errata/RHSA-2026:1461

https://access.redhat.com/errata/RHSA-2026:1415

https://access.redhat.com/errata/RHSA-2026:1414

https://access.redhat.com/errata/RHSA-2026:1413

https://access.redhat.com/errata/RHSA-2026:1320

https://access.redhat.com/errata/RHSA-2026:0924

https://access.redhat.com/errata/RHSA-2026:0694

https://access.redhat.com/errata/RHSA-2026:0667

Details

Source: Mitre, NVD

Published: 2026-01-13

Updated: 2026-06-30

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00044