Sandbox escape due to integer overflow in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.

rocky_linux RLSA-2026:0667: RLSA-2026:0667: firefox security update (Important)

rocky_linux RLSA-2026:0694: RLSA-2026:0694: firefox security update (Important)

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6101 advisory.

    - -------------------------------------------------------------------------     Debian Security Advisory DSA-6101-1                   security@debian.org     https://www.debian.org/security/                       Moritz Muehlenhoff     January 15, 2026                      https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package        : firefox-esr     CVE ID         : CVE-2025-14327 CVE-2026-0877 CVE-2026-0878 CVE-2026-0879                      CVE-2026-0880 CVE-2026-0882 CVE-2026-0883 CVE-2026-0884                      CVE-2026-0885 CVE-2026-0886 CVE-2026-0887 CVE-2026-0890                      CVE-2026-0891

    Multiple security issues have been found in the Mozilla Firefox web     browser, which could potentially result in the execution of arbitrary     code, sandbox escape, information disclosure or spoofing.

    For the oldstable distribution (bookworm), these problems have been fixed     in version 140.7.0esr-1~deb12u1.

    For the stable distribution (trixie), these problems have been fixed in     version 140.7.0esr-1~deb13u1.

    We recommend that you upgrade your firefox-esr packages.

    For the detailed security status of firefox-esr please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/firefox-esr

    Further information about Debian Security Advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4439 advisory.

    - -------------------------------------------------------------------------     Debian LTS Advisory DLA-4439-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/               Emilio Pozuelo Monfort     January 15, 2026                              https://wiki.debian.org/LTS
    - -------------------------------------------------------------------------

    Package        : firefox-esr     Version        : 140.7.0esr-1~deb11u1     CVE ID         : CVE-2025-14327 CVE-2026-0877 CVE-2026-0878 CVE-2026-0879                      CVE-2026-0880 CVE-2026-0882 CVE-2026-0883 CVE-2026-0884                      CVE-2026-0885 CVE-2026-0886 CVE-2026-0887 CVE-2026-0890                      CVE-2026-0891

    Multiple security issues have been found in the Mozilla Firefox web     browser, which could potentially result in the execution of arbitrary     code, sandbox escape, information disclosure or spoofing.

    For Debian 11 bullseye, these problems have been fixed in version     140.7.0esr-1~deb11u1.

    We recommend that you upgrade your firefox-esr packages.

    For the detailed security status of firefox-esr please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/firefox-esr

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:0694 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    Security Fix(es):

    * firefox: Spoofing issue in the Downloads Panel component (CVE-2025-14327)

    * firefox: Use-after-free in the JavaScript: GC component (CVE-2026-0885)

    * firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147     and Thunderbird 147 (CVE-2026-0891)

    * firefox: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component     (CVE-2026-0878)

    * firefox: Use-after-free in the IPC component (CVE-2026-0882)

    * firefox: Use-after-free in the JavaScript Engine component (CVE-2026-0884)

    * firefox: Information disclosure in the Networking component (CVE-2026-0883)

    * firefox: Mitigation bypass in the DOM: Security component (CVE-2026-0877)

    * firefox: Spoofing issue in the DOM: Copy & Paste and Drag & Drop component (CVE-2026-0890)

    * firefox: Clickjacking issue, information disclosure in the PDF Viewer component (CVE-2026-0887)

    * firefox: Sandbox escape due to incorrect boundary conditions in the Graphics component (CVE-2026-0879)

    * firefox: Sandbox escape due to integer overflow in the Graphics component (CVE-2026-0880)

    * firefox: Incorrect boundary conditions in the Graphics component (CVE-2026-0886)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 147.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-04 advisory.

  - Memory safety bugs present in Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of     memory corruption and we presume that with enough effort some of these could have been exploited to run     arbitrary code. (CVE-2026-0892)

  - Sandbox escape in the Messaging System component. This vulnerability affects Firefox < 147 and Thunderbird     < 147. (CVE-2026-0881)

  - Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 147, Firefox ESR <     115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. (CVE-2026-0877)

  - Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This     vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
    (CVE-2026-0878)

  - Sandbox escape due to incorrect boundary conditions in the Graphics component. This vulnerability affects     Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
    (CVE-2026-0879)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 140.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-05 advisory.

  - Spoofing issue in the Downloads Panel component. This vulnerability affects Firefox < 146, Thunderbird <     146, Firefox ESR < 140.7, and Thunderbird < 140.7. (CVE-2025-14327)

  - Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 147, Firefox ESR <     115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. (CVE-2026-0877)

  - Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This     vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
    (CVE-2026-0878)

  - Sandbox escape due to incorrect boundary conditions in the Graphics component. This vulnerability affects     Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
    (CVE-2026-0879)

  - Sandbox escape due to integer overflow in the Graphics component. This vulnerability affects Firefox <     147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
    (CVE-2026-0880)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote Windows host is prior to 140.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-05 advisory.

  - Spoofing issue in the Downloads Panel component. This vulnerability affects Firefox < 146, Thunderbird <     146, Firefox ESR < 140.7, and Thunderbird < 140.7. (CVE-2025-14327)

  - Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 147, Firefox ESR <     115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. (CVE-2026-0877)

  - Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This     vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
    (CVE-2026-0878)

  - Sandbox escape due to incorrect boundary conditions in the Graphics component. This vulnerability affects     Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
    (CVE-2026-0879)

  - Sandbox escape due to integer overflow in the Graphics component. This vulnerability affects Firefox <     147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
    (CVE-2026-0880)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote Windows host is prior to 147.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-04 advisory.

  - Memory safety bugs present in Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of     memory corruption and we presume that with enough effort some of these could have been exploited to run     arbitrary code. (CVE-2026-0892)

  - Sandbox escape in the Messaging System component. This vulnerability affects Firefox < 147 and Thunderbird     < 147. (CVE-2026-0881)

  - Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 147, Firefox ESR <     115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. (CVE-2026-0877)

  - Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This     vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
    (CVE-2026-0878)

  - Sandbox escape due to incorrect boundary conditions in the Graphics component. This vulnerability affects     Firefox < 147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
    (CVE-2026-0879)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:0667 advisory.

    Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and     portability.

    Security Fix(es):

    * firefox: Spoofing issue in the Downloads Panel component (CVE-2025-14327)

    * firefox: Use-after-free in the JavaScript: GC component (CVE-2026-0885)

    * firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147     and Thunderbird 147 (CVE-2026-0891)

    * firefox: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component     (CVE-2026-0878)

    * firefox: Use-after-free in the IPC component (CVE-2026-0882)

    * firefox: Use-after-free in the JavaScript Engine component (CVE-2026-0884)

    * firefox: Information disclosure in the Networking component (CVE-2026-0883)

    * firefox: Mitigation bypass in the DOM: Security component (CVE-2026-0877)

    * firefox: Spoofing issue in the DOM: Copy & Paste and Drag & Drop component (CVE-2026-0890)

    * firefox: Clickjacking issue, information disclosure in the PDF Viewer component (CVE-2026-0887)

    * firefox: Sandbox escape due to incorrect boundary conditions in the Graphics component (CVE-2026-0879)

    * firefox: Sandbox escape due to integer overflow in the Graphics component (CVE-2026-0880)

    * firefox: Incorrect boundary conditions in the Graphics component (CVE-2026-0886)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0122-1 advisory.

    Update to Firefox Extended Support Release 140.7.0 ESR (bsc#1256340).

    - MFSA 2026-03
      * CVE-2026-0877: Mitigation bypass in the DOM: Security component
      * CVE-2026-0878: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL     component
      * CVE-2026-0879: Sandbox escape due to incorrect boundary conditions in the Graphics component
      * CVE-2026-0880: Sandbox escape due to integer overflow in the Graphics component
      * CVE-2026-0882: Use-after-free in the IPC component
      * CVE-2025-14327: Spoofing issue in the Downloads Panel component
      * CVE-2026-0883: Information disclosure in the Networking component
      * CVE-2026-0884: Use-after-free in the JavaScript Engine component
      * CVE-2026-0885: Use-after-free in the JavaScript: GC component
      * CVE-2026-0886: Incorrect boundary conditions in the Graphics component
      * CVE-2026-0887: Clickjacking issue, information disclosure in the PDF Viewer component
      * CVE-2026-0890: Spoofing issue in the DOM: Copy-Paste and Drag-Drop component
      * CVE-2026-0891: Memory safety bugs fixed in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and     Thunderbird 147

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-0136a5ab4e advisory.

    - New upstream release (147.0)

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of mozilla-firefox installed on the remote host is prior to 140.7.0esr. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2026-014-02 advisory.

    New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues.

Tenable has extracted the preceding description block directly from the mozilla-firefox security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote Windows host is prior to 147.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-01 advisory.

  - Memory safety bugs present in Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of     memory corruption and we presume that with enough effort some of these could have been exploited to run     arbitrary code. (CVE-2026-0892)

  - Sandbox escape in the Messaging System component. This vulnerability affects Firefox < 147.
    (CVE-2026-0881)

  - Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 147, Firefox ESR <     115.32, and Firefox ESR < 140.7. (CVE-2026-0877)

  - Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This     vulnerability affects Firefox < 147 and Firefox ESR < 140.7. (CVE-2026-0878)

  - Sandbox escape due to incorrect boundary conditions in the Graphics component. This vulnerability affects     Firefox < 147, Firefox ESR < 115.32, and Firefox ESR < 140.7. (CVE-2026-0879)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote Windows host is prior to 115.32. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-02 advisory.

  - Use-after-free in the IPC component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, and     Firefox ESR < 140.7. (CVE-2026-0882)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 140.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-03 advisory.

  - Spoofing issue in the Downloads Panel component. This vulnerability affects Firefox < 146 and Thunderbird     < 146. (CVE-2025-14327)

  - Use-after-free in the IPC component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, and     Firefox ESR < 140.7. (CVE-2026-0882)

  - Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146.
    Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of     these could have been exploited to run arbitrary code. (CVE-2026-0891)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 147.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-01 advisory.

  - Memory safety bugs present in Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of     memory corruption and we presume that with enough effort some of these could have been exploited to run     arbitrary code. (CVE-2026-0892)

  - Sandbox escape in the Messaging System component. This vulnerability affects Firefox < 147.
    (CVE-2026-0881)

  - Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 147, Firefox ESR <     115.32, and Firefox ESR < 140.7. (CVE-2026-0877)

  - Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This     vulnerability affects Firefox < 147 and Firefox ESR < 140.7. (CVE-2026-0878)

  - Sandbox escape due to incorrect boundary conditions in the Graphics component. This vulnerability affects     Firefox < 147, Firefox ESR < 115.32, and Firefox ESR < 140.7. (CVE-2026-0879)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote Windows host is prior to 140.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-03 advisory.

  - Spoofing issue in the Downloads Panel component. This vulnerability affects Firefox < 146 and Thunderbird     < 146. (CVE-2025-14327)

  - Use-after-free in the IPC component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, and     Firefox ESR < 140.7. (CVE-2026-0882)

  - Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146.
    Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of     these could have been exploited to run arbitrary code. (CVE-2026-0891)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 115.32. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-02 advisory.

  - Use-after-free in the IPC component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, and     Firefox ESR < 140.7. (CVE-2026-0882)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-de370822e0 advisory.

    - New upstream release (147.0)

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - Sandbox escape due to integer overflow in the Graphics component. This vulnerability affects Firefox <     147, Firefox ESR < 115.32, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
    (CVE-2026-0880)

Note that Nessus relies on the presence of the package as reported by the vendor.

ID	Name	Product	Family	Severity
287950	Debian dsa-6101 : firefox-esr - security update	Nessus	Debian Local Security Checks	high
287949	Debian dla-4439 : firefox-esr - security update	Nessus	Debian Local Security Checks	high
286369	RHEL 9 : firefox (RHSA-2026:0694)	Nessus	Red Hat Local Security Checks	high
284838	Mozilla Thunderbird < 147.0	Nessus	MacOS X Local Security Checks	critical
284837	Mozilla Thunderbird < 140.7	Nessus	MacOS X Local Security Checks	high
284836	Mozilla Thunderbird < 140.7	Nessus	Windows	high
284835	Mozilla Thunderbird < 147.0	Nessus	Windows	critical
284821	RHEL 8 : firefox (RHSA-2026:0667)	Nessus	Red Hat Local Security Checks	high
284809	SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2026:0122-1)	Nessus	SuSE Local Security Checks	high
284667	Fedora 42 : firefox (2026-0136a5ab4e)	Nessus	Fedora Local Security Checks	critical
284656	Slackware Linux 15.0 / current mozilla-firefox Multiple Vulnerabilities (SSA:2026-014-02)	Nessus	Slackware Local Security Checks	high
283709	Mozilla Firefox < 147.0	Nessus	Windows	critical
283708	Mozilla Firefox ESR < 115.32	Nessus	Windows	high
283707	Mozilla Firefox ESR < 140.7	Nessus	MacOS X Local Security Checks	high
283706	Mozilla Firefox < 147.0	Nessus	MacOS X Local Security Checks	critical
283705	Mozilla Firefox ESR < 140.7	Nessus	Windows	high
283704	Mozilla Firefox ESR < 115.32	Nessus	MacOS X Local Security Checks	high
283572	Fedora 43 : firefox (2026-de370822e0)	Nessus	Fedora Local Security Checks	critical
282663	Linux Distros Unpatched Vulnerability : CVE-2026-0880	Nessus	Misc.	high

Detections

Analytics

CVE-2026-0880

high

Tenable Plugins

Coming Soon

high

high

high

critical

high

high

critical

high

high

critical

high

critical

high

high

critical

high

high

critical

high