cbcvebase.
CVE-2026-8949
published 2026-05-19

CVE-2026-8949: Integer overflow in the Widget: Win32 component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
Integer overflow in the Widget: Win32 component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.

Affected

8 ranges
VendorProductVersion rangeFixed in
mozillafirefox< Firefox 151Firefox 151
mozillafirefox< 140.11.0140.11.0
mozillafirefox< 151.0.0151.0.0
mozillafirefox_esr< Firefox ESR 140.11Firefox ESR 140.11
mozillathunderbird< Thunderbird 151Thunderbird 151
mozillathunderbird< Thunderbird 140.11Thunderbird 140.11
mozillathunderbird< 140.11140.11
mozillathunderbird< 151.0.0151.0.0