CVE-2026-5732

CWE-190 — Integer Overflow12 documents9 sources

Severity

8.8HIGH

EPSS

0.0%

top 87.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Firefox ESR Mozilla Thunderbird

Timeline

PublishedApr 7

Description

Incorrect boundary conditions, integer overflow in the Graphics: Text component. This vulnerability affects Firefox < 149.0.2, Firefox ESR < 140.9.1, Thunderbird < 149.0.2, and Thunderbird < 140.9.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages5 packages

▶CVEListV5mozilla/firefoxunspecified — 149.0.2

▶NVDmozilla/firefox< 140.9.1+1

▶CVEListV5mozilla/firefox_esrunspecified — 140.9.1

▶CVEListV5mozilla/thunderbirdunspecified — 149.0.2+1

▶Debianfirefox-esr< 140.9.1esr-1~deb12u1+1

🔴Vulnerability Details

GHSA

GHSA-mj57-mxq8-qvw9: Incorrect boundary conditions, integer overflow in the Graphics: Text component↗2026-04-07

▶

OSV

CVE-2026-5732: Incorrect boundary conditions, integer overflow in the Graphics: Text component↗2026-04-07

▶

CVEList

Incorrect boundary conditions, integer overflow in the Graphics: Text component↗2026-04-07

▶

📋Vendor Advisories

Red Hat

firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics: Text component↗2026-04-07

▶

Debian

CVE-2026-5732: firefox - Incorrect boundary conditions, integer overflow in the Graphics: Text component....↗2026

▶

Mozilla

Mozilla Foundation Security Advisory 2026-29: CVE-2026-5732↗

▶

Mozilla

Mozilla Foundation Security Advisory 2026-25: CVE-2026-5732↗

▶

Mozilla

Mozilla Foundation Security Advisory 2026-27: CVE-2026-5732↗

▶

🕵️Threat Intelligence

Wiz

CVE-2026-5732 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

💬Community

Bugzilla

CVE-2026-5732 firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics: Text component↗2026-04-07

▶