CVE-2026-0881
published 2026-01-13CVE-2026-0881: Sandbox escape in the Messaging System component. This vulnerability was fixed in Firefox 147 and Thunderbird 147.
critical10CVSS 3.1
AVNACLPRNUINSCCHIHAH
Sandbox escape in the Messaging System component. This vulnerability was fixed in Firefox 147 and Thunderbird 147.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 147.0-1 (sid) | firefox 147.0-1 (sid) |
| mozilla | firefox | < 147.0 | 147.0 |
| mozilla | firefox | — | — |
| mozilla | thunderbird | < 147.0 | 147.0 |
CVSS provenance
nvdv3.110.0CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
osv10.0CRITICAL