CVE-2026-0880

high

Description

Sandbox escape due to integer overflow in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

References

https://www.mozilla.org/security/advisories/mfsa2026-05/

https://www.mozilla.org/security/advisories/mfsa2026-04/

https://www.mozilla.org/security/advisories/mfsa2026-03/

https://www.mozilla.org/security/advisories/mfsa2026-02/

https://www.mozilla.org/security/advisories/mfsa2026-01/

https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0880.json

https://bugzilla.redhat.com/show_bug.cgi?id=2428975

https://bugzilla.mozilla.org/show_bug.cgi?id=2005014

https://access.redhat.com/security/cve/CVE-2026-0880

https://access.redhat.com/errata/RHSA-2026:2286

https://access.redhat.com/errata/RHSA-2026:2271

https://access.redhat.com/errata/RHSA-2026:2231

https://access.redhat.com/errata/RHSA-2026:2220

https://access.redhat.com/errata/RHSA-2026:2074

https://access.redhat.com/errata/RHSA-2026:2073

https://access.redhat.com/errata/RHSA-2026:2070

https://access.redhat.com/errata/RHSA-2026:2069

https://access.redhat.com/errata/RHSA-2026:2047

https://access.redhat.com/errata/RHSA-2026:2044

https://access.redhat.com/errata/RHSA-2026:2043

https://access.redhat.com/errata/RHSA-2026:2041

https://access.redhat.com/errata/RHSA-2026:1487

https://access.redhat.com/errata/RHSA-2026:1471

https://access.redhat.com/errata/RHSA-2026:1462

https://access.redhat.com/errata/RHSA-2026:1461

https://access.redhat.com/errata/RHSA-2026:1415

https://access.redhat.com/errata/RHSA-2026:1414

https://access.redhat.com/errata/RHSA-2026:1413

https://access.redhat.com/errata/RHSA-2026:1320

https://access.redhat.com/errata/RHSA-2026:0924

https://access.redhat.com/errata/RHSA-2026:0694

https://access.redhat.com/errata/RHSA-2026:0667

Details

Source: Mitre, NVD

Published: 2026-01-13

Updated: 2026-06-30

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00038