CVE-2026-0879Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer13 documents9 sources
Severity
9.8CRITICALNVD
EPSS
0.0%
top 92.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mozilla ThunderbirdMozilla Firefox
Timeline
PublishedJan 13
Latest updateFeb 2

Description

Sandbox escape due to incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

NVDmozilla/firefox128.0140.7.0+2
NVDmozilla/thunderbird< 140.7.0+1
Debianmozilla/thunderbird< 1:140.7.0esr-1~deb11u1+3

🔴Vulnerability Details

3
OSV
CVE-2026-0879: Sandbox escape due to incorrect boundary conditions in the Graphics component2026-01-13
GHSA
GHSA-r38v-527h-36cj: Sandbox escape due to incorrect boundary conditions in the Graphics component2026-01-13
CVEList
Sandbox escape due to incorrect boundary conditions in the Graphics component2026-01-13

📋Vendor Advisories

8
Ubuntu
Thunderbird vulnerabilities2026-02-02
Red Hat
firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Graphics component2026-01-13
Debian
CVE-2026-0879: firefox - Sandbox escape due to incorrect boundary conditions in the Graphics component. T...2026
Mozilla
Mozilla Foundation Security Advisory 2026-01: CVE-2026-0879
Mozilla
Mozilla Foundation Security Advisory 2026-02: CVE-2026-0879

🕵️Threat Intelligence

1
Wiz
CVE-2026-0879 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-0879 — Mozilla Firefox vulnerability | cvebase