Vulnerability-Lookup

WID-SEC-W-2026-0090

Vulnerability from csaf_certbund - Published: 2026-01-13 23:00 - Updated: 2026-02-04 23:00

Summary

Mozilla Firefox und Thunderbird: Mehrere Schwachstellen

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Firefox ist ein Open Source Web Browser. Thunderbird ist ein Open Source E-Mail Client.

Angriff: Ein Angreifer kann mehrere Schwachstellen in Mozilla Firefox und Thunderbird ausnutzen, um einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen, Spoofing-Angriffe durchzuführen, Sicherheitsmaßnahmen zu umgehen, Speicherbeschädigungen zu verursachen, die möglicherweise zur Ausführung von beliebigem Code führen, oder andere nicht näher definierte Angriffe durchzuführen.

Betroffene Betriebssysteme: - Linux - MacOS X - UNIX - Windows

CVE-2025-14327

CVE-2026-0877

CVE-2026-0878

CVE-2026-0879

CVE-2026-0880

CVE-2026-0881

CVE-2026-0882

CVE-2026-0883

CVE-2026-0884

CVE-2026-0885

CVE-2026-0886

CVE-2026-0887

CVE-2026-0888

CVE-2026-0889

CVE-2026-0890

CVE-2026-0891

CVE-2026-0892

References

URL

Category

	https://wid.cert-bund.de/.well-known/csaf/white/2…	self
	https://wid.cert-bund.de/portal/wid/securityadvis…	self
	https://www.mozilla.org/en-US/security/advisories…	external
	https://www.mozilla.org/en-US/security/advisories…	external
	https://www.mozilla.org/en-US/security/advisories…	external
	https://lists.opensuse.org/archives/list/security…	external
	https://access.redhat.com/errata/RHSA-2026:0667	external
	https://lists.suse.com/pipermail/sle-security-upd…	external
	https://www.mozilla.org/en-US/security/advisories…	external
	https://www.mozilla.org/en-US/security/advisories…	external
	https://access.redhat.com/errata/RHSA-2026:0694	external
	https://lists.debian.org/debian-lts-announce/2026…	external
	https://lists.debian.org/debian-security-announce…	external
	https://lists.opensuse.org/archives/list/security…	external
	https://errata.build.resf.org/RLSA-2026:0667	external
	https://errata.build.resf.org/RLSA-2026:0694	external
	https://lists.debian.org/debian-security-announce…	external
	https://linux.oracle.com/errata/ELSA-2026-0694.html	external
	https://linux.oracle.com/errata/ELSA-2026-0667.html	external
	https://lists.debian.org/debian-lts-announce/2026…	external
	https://lists.suse.com/pipermail/sle-security-upd…	external
	https://lists.suse.com/pipermail/sle-security-upd…	external
	https://access.redhat.com/errata/RHSA-2026:0924	external
	https://linux.oracle.com/errata/ELSA-2026-0924.html	external
	https://errata.build.resf.org/RLSA-2026:0924	external
	https://lists.opensuse.org/archives/list/security…	external
	https://access.redhat.com/errata/RHSA-2026:1320	external
	https://access.redhat.com/errata/RHSA-2026:1462	external
	https://access.redhat.com/errata/RHSA-2026:1471	external
	https://access.redhat.com/errata/RHSA-2026:1413	external
	https://access.redhat.com/errata/RHSA-2026:1414	external
	https://access.redhat.com/errata/RHSA-2026:1415	external
	https://access.redhat.com/errata/RHSA-2026:1461	external
	https://access.redhat.com/errata/RHSA-2026:1487	external
	https://ubuntu.com/security/notices/USN-7991-1	external
	https://access.redhat.com/errata/RHSA-2026:2043	external
	https://access.redhat.com/errata/RHSA-2026:2047	external
	https://access.redhat.com/errata/RHSA-2026:2041	external
	https://access.redhat.com/errata/RHSA-2026:2044	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Firefox ist ein Open Source Web Browser.\r\nThunderbird ist ein Open Source E-Mail Client.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Mozilla Firefox und Thunderbird ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen, Spoofing-Angriffe durchzuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Speicherbesch\u00e4digungen zu verursachen, die m\u00f6glicherweise zur Ausf\u00fchrung von beliebigem Code f\u00fchren, oder andere nicht n\u00e4her definierte Angriffe durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- MacOS X\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-0090 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0090.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-0090 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0090"
      },
      {
        "category": "external",
        "summary": "Mozilla Foundation Security Advisory MFSA 2026-01 vom 2026-01-13",
        "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01/"
      },
      {
        "category": "external",
        "summary": "Mozilla Foundation Security Advisory MFSA 2026-02 vom 2026-01-13",
        "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-02/"
      },
      {
        "category": "external",
        "summary": "Mozilla Foundation Security Advisory MFSA 2026-03 vom 2026-01-13",
        "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:10037-1 vom 2026-01-14",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MWE7GIFYIBLX76K6B34TZZ67PXOQMQY6/"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:0667 vom 2026-01-15",
        "url": "https://access.redhat.com/errata/RHSA-2026:0667"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:0122-1 vom 2026-01-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023741.html"
      },
      {
        "category": "external",
        "summary": "Mozilla Security Advisory MFSA2026-04 vom 2026-01-15",
        "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04/"
      },
      {
        "category": "external",
        "summary": "Mozilla Security Advisory MFSA2026-05 vom 2026-01-15",
        "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05/"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:0694 vom 2026-01-15",
        "url": "https://access.redhat.com/errata/RHSA-2026:0694"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-4439 vom 2026-01-15",
        "url": "https://lists.debian.org/debian-lts-announce/2026/01/msg00010.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-6101 vom 2026-01-15",
        "url": "https://lists.debian.org/debian-security-announce/2026/msg00009.html"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:10046-1 vom 2026-01-15",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2E4U6WVD3HP25MAGYON4BCRAFHCTX3SC/"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:0667 vom 2026-01-16",
        "url": "https://errata.build.resf.org/RLSA-2026:0667"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:0694 vom 2026-01-16",
        "url": "https://errata.build.resf.org/RLSA-2026:0694"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-6103 vom 2026-01-17",
        "url": "https://lists.debian.org/debian-security-announce/2026/msg00011.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-0694 vom 2026-01-16",
        "url": "https://linux.oracle.com/errata/ELSA-2026-0694.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-0667 vom 2026-01-16",
        "url": "https://linux.oracle.com/errata/ELSA-2026-0667.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-4442 vom 2026-01-19",
        "url": "https://lists.debian.org/debian-lts-announce/2026/01/msg00013.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:0153-1 vom 2026-01-19",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023791.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:20086-1 vom 2026-01-20",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023813.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:0924 vom 2026-01-21",
        "url": "https://access.redhat.com/errata/RHSA-2026:0924"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-0924 vom 2026-01-21",
        "url": "https://linux.oracle.com/errata/ELSA-2026-0924.html"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:0924 vom 2026-01-22",
        "url": "https://errata.build.resf.org/RLSA-2026:0924"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:0260-1 vom 2026-01-23",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VOTCXXVYDWXM7Y4N2D6ZBPDRGOEE7KPT/"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:1320 vom 2026-01-27",
        "url": "https://access.redhat.com/errata/RHSA-2026:1320"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:1462 vom 2026-01-28",
        "url": "https://access.redhat.com/errata/RHSA-2026:1462"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:1471 vom 2026-01-28",
        "url": "https://access.redhat.com/errata/RHSA-2026:1471"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:1413 vom 2026-01-27",
        "url": "https://access.redhat.com/errata/RHSA-2026:1413"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:1414 vom 2026-01-27",
        "url": "https://access.redhat.com/errata/RHSA-2026:1414"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:1415 vom 2026-01-27",
        "url": "https://access.redhat.com/errata/RHSA-2026:1415"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:1461 vom 2026-01-28",
        "url": "https://access.redhat.com/errata/RHSA-2026:1461"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:1487 vom 2026-01-28",
        "url": "https://access.redhat.com/errata/RHSA-2026:1487"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7991-1 vom 2026-02-03",
        "url": "https://ubuntu.com/security/notices/USN-7991-1"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:2043 vom 2026-02-05",
        "url": "https://access.redhat.com/errata/RHSA-2026:2043"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:2047 vom 2026-02-05",
        "url": "https://access.redhat.com/errata/RHSA-2026:2047"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:2041 vom 2026-02-05",
        "url": "https://access.redhat.com/errata/RHSA-2026:2041"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:2044 vom 2026-02-05",
        "url": "https://access.redhat.com/errata/RHSA-2026:2044"
      }
    ],
    "source_lang": "en-US",
    "title": "Mozilla Firefox und Thunderbird: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-02-04T23:00:00.000+00:00",
      "generator": {
        "date": "2026-02-05T09:39:39.725+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2026-0090",
      "initial_release_date": "2026-01-13T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-01-13T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-01-14T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von openSUSE, Red Hat, European Union Vulnerability Database und SUSE aufgenommen"
        },
        {
          "date": "2026-01-15T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Debian und openSUSE aufgenommen"
        },
        {
          "date": "2026-01-18T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Debian und Oracle Linux aufgenommen"
        },
        {
          "date": "2026-01-19T23:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Debian und SUSE aufgenommen"
        },
        {
          "date": "2026-01-20T23:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2026-01-21T23:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
        },
        {
          "date": "2026-01-22T23:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2026-01-26T23:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-01-27T23:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-01-28T23:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-02-02T23:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2026-02-04T23:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von Red Hat aufgenommen"
        }
      ],
      "status": "final",
      "version": "13"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c147",
                "product": {
                  "name": "Mozilla Firefox \u003c147",
                  "product_id": "T049898"
                }
              },
              {
                "category": "product_version",
                "name": "147",
                "product": {
                  "name": "Mozilla Firefox 147",
                  "product_id": "T049898-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:mozilla:firefox:147"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Firefox"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c115.32",
                "product": {
                  "name": "Mozilla Firefox ESR \u003c115.32",
                  "product_id": "T049939"
                }
              },
              {
                "category": "product_version",
                "name": "115.32",
                "product": {
                  "name": "Mozilla Firefox ESR 115.32",
                  "product_id": "T049939-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:mozilla:firefox_esr:115.32"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c140.7",
                "product": {
                  "name": "Mozilla Firefox ESR \u003c140.7",
                  "product_id": "T049940"
                }
              },
              {
                "category": "product_version",
                "name": "140.7",
                "product": {
                  "name": "Mozilla Firefox ESR 140.7",
                  "product_id": "T049940-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:mozilla:firefox_esr:140.7"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Firefox ESR"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "ESR \u003c140.7",
                "product": {
                  "name": "Mozilla Thunderbird ESR \u003c140.7",
                  "product_id": "T049941"
                }
              },
              {
                "category": "product_version",
                "name": "ESR 140.7",
                "product": {
                  "name": "Mozilla Thunderbird ESR 140.7",
                  "product_id": "T049941-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:mozilla:thunderbird:esr__140.7"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c147",
                "product": {
                  "name": "Mozilla Thunderbird \u003c147",
                  "product_id": "T049942"
                }
              },
              {
                "category": "product_version",
                "name": "147",
                "product": {
                  "name": "Mozilla Thunderbird 147",
                  "product_id": "T049942-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:mozilla:thunderbird:147"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Thunderbird"
          }
        ],
        "category": "vendor",
        "name": "Mozilla"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "RESF Rocky Linux",
            "product": {
              "name": "RESF Rocky Linux",
              "product_id": "T032255",
              "product_identification_helper": {
                "cpe": "cpe:/o:resf:rocky_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "RESF"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "SUSE openSUSE",
            "product": {
              "name": "SUSE openSUSE",
              "product_id": "T027843",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:opensuse:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-14327",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T049939",
          "T000126",
          "T027843",
          "T004914",
          "T032255",
          "T049898",
          "T049942",
          "T049941",
          "T049940"
        ]
      },
      "release_date": "2026-01-13T23:00:00.000+00:00",
      "title": "CVE-2025-14327"
    },
    {
      "cve": "CVE-2026-0877",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T049939",
          "T000126",
          "T027843",
          "T004914",
          "T032255",
          "T049898",
          "T049942",
          "T049941",
          "T049940"
        ]
      },
      "release_date": "2026-01-13T23:00:00.000+00:00",
      "title": "CVE-2026-0877"
    },
    {
      "cve": "CVE-2026-0878",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T049939",
          "T000126",
          "T027843",
          "T004914",
          "T032255",
          "T049898",
          "T049942",
          "T049941",
          "T049940"
        ]
      },
      "release_date": "2026-01-13T23:00:00.000+00:00",
      "title": "CVE-2026-0878"
    },
    {
      "cve": "CVE-2026-0879",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T049939",
          "T000126",
          "T027843",
          "T004914",
          "T032255",
          "T049898",
          "T049942",
          "T049941",
          "T049940"
        ]
      },
      "release_date": "2026-01-13T23:00:00.000+00:00",
      "title": "CVE-2026-0879"
    },
    {
      "cve": "CVE-2026-0880",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T049939",
          "T000126",
          "T027843",
          "T004914",
          "T032255",
          "T049898",
          "T049942",
          "T049941",
          "T049940"
        ]
      },
      "release_date": "2026-01-13T23:00:00.000+00:00",
      "title": "CVE-2026-0880"
    },
    {
      "cve": "CVE-2026-0881",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T049939",
          "T000126",
          "T027843",
          "T004914",
          "T032255",
          "T049898",
          "T049942",
          "T049941",
          "T049940"
        ]
      },
      "release_date": "2026-01-13T23:00:00.000+00:00",
      "title": "CVE-2026-0881"
    },
    {
      "cve": "CVE-2026-0882",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T049939",
          "T000126",
          "T027843",
          "T004914",
          "T032255",
          "T049898",
          "T049942",
          "T049941",
          "T049940"
        ]
      },
      "release_date": "2026-01-13T23:00:00.000+00:00",
      "title": "CVE-2026-0882"
    },
    {
      "cve": "CVE-2026-0883",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T049939",
          "T000126",
          "T027843",
          "T004914",
          "T032255",
          "T049898",
          "T049942",
          "T049941",
          "T049940"
        ]
      },
      "release_date": "2026-01-13T23:00:00.000+00:00",
      "title": "CVE-2026-0883"
    },
    {
      "cve": "CVE-2026-0884",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T049939",
          "T000126",
          "T027843",
          "T004914",
          "T032255",
          "T049898",
          "T049942",
          "T049941",
          "T049940"
        ]
      },
      "release_date": "2026-01-13T23:00:00.000+00:00",
      "title": "CVE-2026-0884"
    },
    {
      "cve": "CVE-2026-0885",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T049939",
          "T000126",
          "T027843",
          "T004914",
          "T032255",
          "T049898",
          "T049942",
          "T049941",
          "T049940"
        ]
      },
      "release_date": "2026-01-13T23:00:00.000+00:00",
      "title": "CVE-2026-0885"
    },
    {
      "cve": "CVE-2026-0886",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T049939",
          "T000126",
          "T027843",
          "T004914",
          "T032255",
          "T049898",
          "T049942",
          "T049941",
          "T049940"
        ]
      },
      "release_date": "2026-01-13T23:00:00.000+00:00",
      "title": "CVE-2026-0886"
    },
    {
      "cve": "CVE-2026-0887",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T049939",
          "T000126",
          "T027843",
          "T004914",
          "T032255",
          "T049898",
          "T049942",
          "T049941",
          "T049940"
        ]
      },
      "release_date": "2026-01-13T23:00:00.000+00:00",
      "title": "CVE-2026-0887"
    },
    {
      "cve": "CVE-2026-0888",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T049939",
          "T000126",
          "T027843",
          "T004914",
          "T032255",
          "T049898",
          "T049942",
          "T049941",
          "T049940"
        ]
      },
      "release_date": "2026-01-13T23:00:00.000+00:00",
      "title": "CVE-2026-0888"
    },
    {
      "cve": "CVE-2026-0889",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T049939",
          "T000126",
          "T027843",
          "T004914",
          "T032255",
          "T049898",
          "T049942",
          "T049941",
          "T049940"
        ]
      },
      "release_date": "2026-01-13T23:00:00.000+00:00",
      "title": "CVE-2026-0889"
    },
    {
      "cve": "CVE-2026-0890",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T049939",
          "T000126",
          "T027843",
          "T004914",
          "T032255",
          "T049898",
          "T049942",
          "T049941",
          "T049940"
        ]
      },
      "release_date": "2026-01-13T23:00:00.000+00:00",
      "title": "CVE-2026-0890"
    },
    {
      "cve": "CVE-2026-0891",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T049939",
          "T000126",
          "T027843",
          "T004914",
          "T032255",
          "T049898",
          "T049942",
          "T049941",
          "T049940"
        ]
      },
      "release_date": "2026-01-13T23:00:00.000+00:00",
      "title": "CVE-2026-0891"
    },
    {
      "cve": "CVE-2026-0892",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T049939",
          "T000126",
          "T027843",
          "T004914",
          "T032255",
          "T049898",
          "T049942",
          "T049941",
          "T049940"
        ]
      },
      "release_date": "2026-01-13T23:00:00.000+00:00",
      "title": "CVE-2026-0892"
    }
  ]
}

CVE-2026-0887 (GCVE-0-2026-0887)

Vulnerability from cvelistv5 – Published: 2026-01-13 13:30 – Updated: 2026-04-13 13:51

Title

Clickjacking issue, information disclosure in the PDF Viewer component

Summary

Clickjacking issue, information disclosure in the PDF Viewer component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

Severity ?

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CWE

CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=2006500
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Mozilla

Firefox

Unaffected: 140.7 , ≤ 140.* (rpm)
Unaffected: 147 , ≤ * (rpm)

Mozilla

Thunderbird

Unaffected: 140.7 , ≤ 140.* (rpm)
Unaffected: 147 , ≤ * (rpm)

Credits

Lyra Rebane

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 4.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-0887",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-15T15:32:40.994965Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-497",
                "description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-15T15:32:44.439Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.7",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "147",
              "versionType": "rpm"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.7",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "147",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Lyra Rebane"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Clickjacking issue, information disclosure in the PDF Viewer component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7."
            }
          ],
          "value": "Clickjacking issue, information disclosure in the PDF Viewer component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-13T13:51:59.523Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2006500"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-03/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-05/"
        }
      ],
      "title": "Clickjacking issue, information disclosure in the PDF Viewer component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-0887",
    "datePublished": "2026-01-13T13:30:57.847Z",
    "dateReserved": "2026-01-13T13:30:57.650Z",
    "dateUpdated": "2026-04-13T13:51:59.523Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-0884 (GCVE-0-2026-0884)

Vulnerability from cvelistv5 – Published: 2026-01-13 13:30 – Updated: 2026-04-13 13:51

Title

Use-after-free in the JavaScript Engine component

Summary

Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-416 - Use After Free

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=2003588
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Mozilla

Firefox

Unaffected: 140.7 , ≤ 140.* (rpm)
Unaffected: 147 , ≤ * (rpm)

Mozilla

Thunderbird

Unaffected: 140.7 , ≤ 140.* (rpm)
Unaffected: 147 , ≤ * (rpm)

Credits

Gary Kwong and Nan Wang

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-0884",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-13T15:35:44.298477Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-13T15:37:27.838Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.7",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "147",
              "versionType": "rpm"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.7",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "147",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Gary Kwong and Nan Wang"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7."
            }
          ],
          "value": "Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-13T13:51:52.987Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2003588"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-03/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-05/"
        }
      ],
      "title": "Use-after-free in the JavaScript Engine component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-0884",
    "datePublished": "2026-01-13T13:30:56.543Z",
    "dateReserved": "2026-01-13T13:30:56.343Z",
    "dateUpdated": "2026-04-13T13:51:52.987Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-0880 (GCVE-0-2026-0880)

Vulnerability from cvelistv5 – Published: 2026-01-13 13:30 – Updated: 2026-04-13 13:51

Title

Sandbox escape due to integer overflow in the Graphics component

Summary

Sandbox escape due to integer overflow in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-190 - Integer Overflow or Wraparound

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=2005014
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Mozilla

Firefox

Unaffected: 115.32 , ≤ 115.* (rpm)
Unaffected: 140.7 , ≤ 140.* (rpm)
Unaffected: 147 , ≤ * (rpm)

Mozilla

Thunderbird

Unaffected: 140.7 , ≤ 140.* (rpm)
Unaffected: 147 , ≤ * (rpm)

Credits

Oskar L

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-0880",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-13T18:40:37.196895Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-190",
                "description": "CWE-190 Integer Overflow or Wraparound",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-13T18:41:39.067Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "115.*",
              "status": "unaffected",
              "version": "115.32",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.7",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "147",
              "versionType": "rpm"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.7",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "147",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Oskar L"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Sandbox escape due to integer overflow in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7."
            }
          ],
          "value": "Sandbox escape due to integer overflow in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-13T13:51:44.559Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2005014"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-02/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-03/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-05/"
        }
      ],
      "title": "Sandbox escape due to integer overflow in the Graphics component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-0880",
    "datePublished": "2026-01-13T13:30:54.679Z",
    "dateReserved": "2026-01-13T13:30:54.411Z",
    "dateUpdated": "2026-04-13T13:51:44.559Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-0892 (GCVE-0-2026-0892)

Vulnerability from cvelistv5 – Published: 2026-01-13 13:30 – Updated: 2026-04-13 13:52

Title

Memory safety bugs fixed in Firefox 147 and Thunderbird 147

Summary

Memory safety bugs present in Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 147 and Thunderbird 147.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/buglist.cgi?bug_id=1…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Mozilla

Firefox

Unaffected: 147 , ≤ * (rpm)

Mozilla

Thunderbird

Unaffected: 147 , ≤ * (rpm)

Credits

Hiroyuki Ikezoe, Jon Coppeard, Maurice Dauer and the Mozilla Fuzzing Team

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-0892",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-15T04:56:04.101715Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-119",
                "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T15:04:46.714Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "147",
              "versionType": "rpm"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "147",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Hiroyuki Ikezoe, Jon Coppeard, Maurice Dauer and the Mozilla Fuzzing Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Memory safety bugs present in Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 147 and Thunderbird 147."
            }
          ],
          "value": "Memory safety bugs present in Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 147 and Thunderbird 147."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-13T13:52:12.599Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "name": "Memory safety bugs fixed in Firefox 147 and Thunderbird 147",
          "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1986912%2C1996718%2C1999633%2C2001081%2C2004443"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/"
        }
      ],
      "title": "Memory safety bugs fixed in Firefox 147 and Thunderbird 147"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-0892",
    "datePublished": "2026-01-13T13:30:59.874Z",
    "dateReserved": "2026-01-13T13:30:59.693Z",
    "dateUpdated": "2026-04-13T13:52:12.599Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-0881 (GCVE-0-2026-0881)

Vulnerability from cvelistv5 – Published: 2026-01-13 13:30 – Updated: 2026-04-13 13:51

Title

Sandbox escape in the Messaging System component

Summary

Sandbox escape in the Messaging System component. This vulnerability was fixed in Firefox 147 and Thunderbird 147.

Severity ?

10 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-693 - Protection Mechanism Failure
CWE-284 - Improper Access Control

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=2005845
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Mozilla

Firefox

Unaffected: 147 , ≤ * (rpm)

Mozilla

Thunderbird

Unaffected: 147 , ≤ * (rpm)

Credits

Andrew McCreight

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 10,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-0881",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-13T18:29:56.520371Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-693",
                "description": "CWE-693 Protection Mechanism Failure",
                "lang": "en",
                "type": "CWE"
              }
            ]
          },
          {
            "descriptions": [
              {
                "cweId": "CWE-284",
                "description": "CWE-284 Improper Access Control",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-13T18:32:04.165Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "147",
              "versionType": "rpm"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "147",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Andrew McCreight"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Sandbox escape in the Messaging System component. This vulnerability was fixed in Firefox 147 and Thunderbird 147."
            }
          ],
          "value": "Sandbox escape in the Messaging System component. This vulnerability was fixed in Firefox 147 and Thunderbird 147."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-13T13:51:46.729Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2005845"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/"
        }
      ],
      "title": "Sandbox escape in the Messaging System component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-0881",
    "datePublished": "2026-01-13T13:30:55.122Z",
    "dateReserved": "2026-01-13T13:30:54.908Z",
    "dateUpdated": "2026-04-13T13:51:46.729Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-0877 (GCVE-0-2026-0877)

Vulnerability from cvelistv5 – Published: 2026-01-13 13:30 – Updated: 2026-04-13 13:51

Title

Mitigation bypass in the DOM: Security component

Summary

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

Severity ?

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE

CWE-693 - Protection Mechanism Failure

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1999257
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Mozilla

Firefox

Unaffected: 115.32 , ≤ 115.* (rpm)
Unaffected: 140.7 , ≤ 140.* (rpm)
Unaffected: 147 , ≤ * (rpm)

Mozilla

Thunderbird

Unaffected: 140.7 , ≤ 140.* (rpm)
Unaffected: 147 , ≤ * (rpm)

Credits

Mingi Jung (정민기입니다)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 8.1,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-0877",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-13T15:24:18.449019Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-693",
                "description": "CWE-693 Protection Mechanism Failure",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-13T15:26:15.125Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "115.*",
              "status": "unaffected",
              "version": "115.32",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.7",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "147",
              "versionType": "rpm"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.7",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "147",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Mingi Jung (\uc815\ubbfc\uae30\uc785\ub2c8\ub2e4)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7."
            }
          ],
          "value": "Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-13T13:51:38.648Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1999257"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-02/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-03/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-05/"
        }
      ],
      "title": "Mitigation bypass in the DOM: Security component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-0877",
    "datePublished": "2026-01-13T13:30:52.979Z",
    "dateReserved": "2026-01-13T13:30:52.762Z",
    "dateUpdated": "2026-04-13T13:51:38.648Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-0888 (GCVE-0-2026-0888)

Vulnerability from cvelistv5 – Published: 2026-01-13 13:30 – Updated: 2026-04-13 13:52

Title

Information disclosure in the XML component

Summary

Information disclosure in the XML component. This vulnerability was fixed in Firefox 147 and Thunderbird 147.

Severity ?

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1985996
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Mozilla

Firefox

Unaffected: 147 , ≤ * (rpm)

Mozilla

Thunderbird

Unaffected: 147 , ≤ * (rpm)

Credits

Pier Angelo Vendrame

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-0888",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-13T20:29:19.499227Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-200",
                "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-13T20:29:51.820Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "147",
              "versionType": "rpm"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "147",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Pier Angelo Vendrame"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Information disclosure in the XML component. This vulnerability was fixed in Firefox 147 and Thunderbird 147."
            }
          ],
          "value": "Information disclosure in the XML component. This vulnerability was fixed in Firefox 147 and Thunderbird 147."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-13T13:52:02.777Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1985996"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/"
        }
      ],
      "title": "Information disclosure in the XML component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-0888",
    "datePublished": "2026-01-13T13:30:58.296Z",
    "dateReserved": "2026-01-13T13:30:58.095Z",
    "dateUpdated": "2026-04-13T13:52:02.777Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-0889 (GCVE-0-2026-0889)

Vulnerability from cvelistv5 – Published: 2026-01-13 13:30 – Updated: 2026-04-13 13:52

Title

Denial-of-service in the DOM: Service Workers component

Summary

Denial-of-service in the DOM: Service Workers component. This vulnerability was fixed in Firefox 147 and Thunderbird 147.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1999084
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Mozilla

Firefox

Unaffected: 147 , ≤ * (rpm)

Mozilla

Thunderbird

Unaffected: 147 , ≤ * (rpm)

Credits

Elysee Franchuk, Caleb Lerch

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-0889",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-13T20:30:08.189012Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-400",
                "description": "CWE-400 Uncontrolled Resource Consumption",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-13T20:30:28.179Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "147",
              "versionType": "rpm"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "147",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Elysee Franchuk, Caleb Lerch"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Denial-of-service in the DOM: Service Workers component. This vulnerability was fixed in Firefox 147 and Thunderbird 147."
            }
          ],
          "value": "Denial-of-service in the DOM: Service Workers component. This vulnerability was fixed in Firefox 147 and Thunderbird 147."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-13T13:52:05.389Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1999084"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/"
        }
      ],
      "title": "Denial-of-service in the DOM: Service Workers component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-0889",
    "datePublished": "2026-01-13T13:30:58.675Z",
    "dateReserved": "2026-01-13T13:30:58.498Z",
    "dateUpdated": "2026-04-13T13:52:05.389Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-0890 (GCVE-0-2026-0890)

Vulnerability from cvelistv5 – Published: 2026-01-13 13:30 – Updated: 2026-04-13 13:52

Title

Spoofing issue in the DOM: Copy & Paste and Drag & Drop component

Summary

Spoofing issue in the DOM: Copy & Paste and Drag & Drop component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

Severity ?

5.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

CWE

CWE-290 - Authentication Bypass by Spoofing

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=2005081
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Mozilla

Firefox

Unaffected: 140.7 , ≤ 140.* (rpm)
Unaffected: 147 , ≤ * (rpm)

Mozilla

Thunderbird

Unaffected: 140.7 , ≤ 140.* (rpm)
Unaffected: 147 , ≤ * (rpm)

Credits

Edgar Chen

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 5.4,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-0890",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-15T15:30:33.018220Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-290",
                "description": "CWE-290 Authentication Bypass by Spoofing",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-15T15:30:48.870Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.7",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "147",
              "versionType": "rpm"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.7",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "147",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Edgar Chen"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Spoofing issue in the DOM: Copy \u0026 Paste and Drag \u0026 Drop component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7."
            }
          ],
          "value": "Spoofing issue in the DOM: Copy \u0026 Paste and Drag \u0026 Drop component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-13T13:52:07.852Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2005081"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-03/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-05/"
        }
      ],
      "title": "Spoofing issue in the DOM: Copy \u0026 Paste and Drag \u0026 Drop component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-0890",
    "datePublished": "2026-01-13T13:30:59.089Z",
    "dateReserved": "2026-01-13T13:30:58.912Z",
    "dateUpdated": "2026-04-13T13:52:07.852Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-0883 (GCVE-0-2026-0883)

Vulnerability from cvelistv5 – Published: 2026-01-13 13:30 – Updated: 2026-04-13 13:51

Title

Information disclosure in the Networking component

Summary

Information disclosure in the Networking component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

Severity ?

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1989340
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Mozilla

Firefox

Unaffected: 140.7 , ≤ 140.* (rpm)
Unaffected: 147 , ≤ * (rpm)

Mozilla

Thunderbird

Unaffected: 140.7 , ≤ 140.* (rpm)
Unaffected: 147 , ≤ * (rpm)

Credits

Vladislav Plyatsok

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-0883",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-13T15:46:59.917737Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-200",
                "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-13T15:47:56.126Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.7",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "147",
              "versionType": "rpm"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.7",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "147",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Vladislav Plyatsok"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Information disclosure in the Networking component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7."
            }
          ],
          "value": "Information disclosure in the Networking component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-13T13:51:51.032Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1989340"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-03/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-05/"
        }
      ],
      "title": "Information disclosure in the Networking component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-0883",
    "datePublished": "2026-01-13T13:30:56.043Z",
    "dateReserved": "2026-01-13T13:30:55.877Z",
    "dateUpdated": "2026-04-13T13:51:51.032Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-14327 (GCVE-0-2025-14327)

Vulnerability from cvelistv5 – Published: 2025-12-09 13:38 – Updated: 2026-04-13 14:24

Title

Spoofing issue in the Downloads Panel component

Summary

Spoofing issue in the Downloads Panel component. This vulnerability was fixed in Firefox 146, Thunderbird 146, Firefox ESR 140.7, and Thunderbird 140.7.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE

CWE-290 - Authentication Bypass by Spoofing

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1970743
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Mozilla

Firefox

Unaffected: 140.7 , ≤ 140.* (rpm)
Unaffected: 146 , ≤ * (rpm)

Mozilla

Thunderbird

Unaffected: 140.7 , ≤ 140.* (rpm)
Unaffected: 146 , ≤ * (rpm)

Credits

Caro Kann

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-14327",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-11T20:42:08.839635Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-290",
                "description": "CWE-290 Authentication Bypass by Spoofing",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-11T20:45:35.202Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.7",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "146",
              "versionType": "rpm"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.7",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "146",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Caro Kann"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Spoofing issue in the Downloads Panel component. This vulnerability was fixed in Firefox 146, Thunderbird 146, Firefox ESR 140.7, and Thunderbird 140.7."
            }
          ],
          "value": "Spoofing issue in the Downloads Panel component. This vulnerability was fixed in Firefox 146, Thunderbird 146, Firefox ESR 140.7, and Thunderbird 140.7."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-13T14:24:13.332Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1970743"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-92/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-95/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-03/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-05/"
        }
      ],
      "title": "Spoofing issue in the Downloads Panel component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2025-14327",
    "datePublished": "2025-12-09T13:38:02.260Z",
    "dateReserved": "2025-12-09T13:38:01.463Z",
    "dateUpdated": "2026-04-13T14:24:13.332Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-0878 (GCVE-0-2026-0878)

Vulnerability from cvelistv5 – Published: 2026-01-13 13:30 – Updated: 2026-04-13 13:51

Title

Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component

Summary

Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

Severity ?

8 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

CWE

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-20 - Improper Input Validation

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=2003989
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Mozilla

Firefox

Unaffected: 140.7 , ≤ 140.* (rpm)
Unaffected: 147 , ≤ * (rpm)

Mozilla

Thunderbird

Unaffected: 140.7 , ≤ 140.* (rpm)
Unaffected: 147 , ≤ * (rpm)

Credits

Oskar L

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-0878",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-13T15:40:42.337589Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-119",
                "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                "lang": "en",
                "type": "CWE"
              }
            ]
          },
          {
            "descriptions": [
              {
                "cweId": "CWE-20",
                "description": "CWE-20 Improper Input Validation",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-13T15:43:10.236Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.7",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "147",
              "versionType": "rpm"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.7",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "147",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Oskar L"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7."
            }
          ],
          "value": "Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-13T13:51:40.607Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2003989"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-03/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-05/"
        }
      ],
      "title": "Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-0878",
    "datePublished": "2026-01-13T13:30:53.697Z",
    "dateReserved": "2026-01-13T13:30:53.395Z",
    "dateUpdated": "2026-04-13T13:51:40.607Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-0882 (GCVE-0-2026-0882)

Vulnerability from cvelistv5 – Published: 2026-01-13 13:30 – Updated: 2026-04-13 13:51

Title

Use-after-free in the IPC component

Summary

Use-after-free in the IPC component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-416 - Use After Free

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1924125
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Mozilla

Firefox

Unaffected: 115.32 , ≤ 115.* (rpm)
Unaffected: 140.7 , ≤ 140.* (rpm)
Unaffected: 147 , ≤ * (rpm)

Mozilla

Thunderbird

Unaffected: 140.7 , ≤ 140.* (rpm)
Unaffected: 147 , ≤ * (rpm)

Credits

Randell Jesup

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-0882",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-13T18:21:25.499529Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-13T18:23:30.824Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "115.*",
              "status": "unaffected",
              "version": "115.32",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.7",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "147",
              "versionType": "rpm"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.7",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "147",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Randell Jesup"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Use-after-free in the IPC component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7."
            }
          ],
          "value": "Use-after-free in the IPC component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-13T13:51:48.764Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1924125"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-02/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-03/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-05/"
        }
      ],
      "title": "Use-after-free in the IPC component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-0882",
    "datePublished": "2026-01-13T13:30:55.562Z",
    "dateReserved": "2026-01-13T13:30:55.389Z",
    "dateUpdated": "2026-04-13T13:51:48.764Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-0891 (GCVE-0-2026-0891)

Vulnerability from cvelistv5 – Published: 2026-01-13 13:30 – Updated: 2026-04-13 13:52

Title

Memory safety bugs fixed in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147

Summary

Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

Severity ?

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/buglist.cgi?bug_id=1…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Mozilla

Firefox

Unaffected: 140.7 , ≤ 140.* (rpm)
Unaffected: 147 , ≤ * (rpm)

Mozilla

Thunderbird

Unaffected: 140.7 , ≤ 140.* (rpm)
Unaffected: 147 , ≤ * (rpm)

Credits

Andrew McCreight, Dennis Jackson and the Mozilla Fuzzing Team

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.1,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-0891",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-15T04:56:05.302771Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-119",
                "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T15:04:47.027Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.7",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "147",
              "versionType": "rpm"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.7",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "147",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Andrew McCreight, Dennis Jackson and the Mozilla Fuzzing Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7."
            }
          ],
          "value": "Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-13T13:52:10.334Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "name": "Memory safety bugs fixed in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147",
          "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1964722%2C2000981%2C2003100%2C2003278"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-03/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-05/"
        }
      ],
      "title": "Memory safety bugs fixed in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-0891",
    "datePublished": "2026-01-13T13:30:59.454Z",
    "dateReserved": "2026-01-13T13:30:59.286Z",
    "dateUpdated": "2026-04-13T13:52:10.334Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-0879 (GCVE-0-2026-0879)

Vulnerability from cvelistv5 – Published: 2026-01-13 13:30 – Updated: 2026-04-13 13:51

Title

Sandbox escape due to incorrect boundary conditions in the Graphics component

Summary

Sandbox escape due to incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=2004602
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Mozilla

Firefox

Unaffected: 115.32 , ≤ 115.* (rpm)
Unaffected: 140.7 , ≤ 140.* (rpm)
Unaffected: 147 , ≤ * (rpm)

Mozilla

Thunderbird

Unaffected: 140.7 , ≤ 140.* (rpm)
Unaffected: 147 , ≤ * (rpm)

Credits

Oskar L

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-0879",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-13T18:37:22.611097Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-119",
                "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-13T18:38:32.416Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "115.*",
              "status": "unaffected",
              "version": "115.32",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.7",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "147",
              "versionType": "rpm"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.7",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "147",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Oskar L"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Sandbox escape due to incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7."
            }
          ],
          "value": "Sandbox escape due to incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-13T13:51:42.642Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2004602"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-02/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-03/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-05/"
        }
      ],
      "title": "Sandbox escape due to incorrect boundary conditions in the Graphics component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-0879",
    "datePublished": "2026-01-13T13:30:54.207Z",
    "dateReserved": "2026-01-13T13:30:53.990Z",
    "dateUpdated": "2026-04-13T13:51:42.642Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-0886 (GCVE-0-2026-0886)

Vulnerability from cvelistv5 – Published: 2026-01-13 13:30 – Updated: 2026-04-13 13:51

Title

Incorrect boundary conditions in the Graphics component

Summary

Incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

Severity ?

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=2005658
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Mozilla

Firefox

Unaffected: 115.32 , ≤ 115.* (rpm)
Unaffected: 140.7 , ≤ 140.* (rpm)
Unaffected: 147 , ≤ * (rpm)

Mozilla

Thunderbird

Unaffected: 140.7 , ≤ 140.* (rpm)
Unaffected: 147 , ≤ * (rpm)

Credits

Oskar L

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-0886",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-13T20:27:39.523757Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-119",
                "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-15T15:34:33.932Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "115.*",
              "status": "unaffected",
              "version": "115.32",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.7",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "147",
              "versionType": "rpm"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.7",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "147",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Oskar L"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7."
            }
          ],
          "value": "Incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-13T13:51:57.056Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2005658"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-02/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-03/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-05/"
        }
      ],
      "title": "Incorrect boundary conditions in the Graphics component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-0886",
    "datePublished": "2026-01-13T13:30:57.400Z",
    "dateReserved": "2026-01-13T13:30:57.209Z",
    "dateUpdated": "2026-04-13T13:51:57.056Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-0885 (GCVE-0-2026-0885)

Vulnerability from cvelistv5 – Published: 2026-01-13 13:30 – Updated: 2026-04-13 13:51

Title

Use-after-free in the JavaScript: GC component

Summary

Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

CWE

CWE-416 - Use After Free

Assigner

mozilla

References

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=2003607
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…
	https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

Vendor

Product

Version

Mozilla

Firefox

Unaffected: 140.7 , ≤ 140.* (rpm)
Unaffected: 147 , ≤ * (rpm)

Mozilla

Thunderbird

Unaffected: 140.7 , ≤ 140.* (rpm)
Unaffected: 147 , ≤ * (rpm)

Credits

Irvan Kurniawan

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-0885",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-13T20:24:43.381223Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-13T20:25:45.847Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.7",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "147",
              "versionType": "rpm"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.7",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "147",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Irvan Kurniawan"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7."
            }
          ],
          "value": "Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-13T13:51:54.970Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2003607"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-01/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-03/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-04/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-05/"
        }
      ],
      "title": "Use-after-free in the JavaScript: GC component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-0885",
    "datePublished": "2026-01-13T13:30:56.939Z",
    "dateReserved": "2026-01-13T13:30:56.753Z",
    "dateUpdated": "2026-04-13T13:51:54.970Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2026-0090

CVE-2026-0887 (GCVE-0-2026-0887)

CVE-2026-0884 (GCVE-0-2026-0884)

CVE-2026-0880 (GCVE-0-2026-0880)

CVE-2026-0892 (GCVE-0-2026-0892)

CVE-2026-0881 (GCVE-0-2026-0881)

CVE-2026-0877 (GCVE-0-2026-0877)

CVE-2026-0888 (GCVE-0-2026-0888)

CVE-2026-0889 (GCVE-0-2026-0889)

CVE-2026-0890 (GCVE-0-2026-0890)

CVE-2026-0883 (GCVE-0-2026-0883)

CVE-2025-14327 (GCVE-0-2025-14327)

CVE-2026-0878 (GCVE-0-2026-0878)

CVE-2026-0882 (GCVE-0-2026-0882)

CVE-2026-0891 (GCVE-0-2026-0891)

CVE-2026-0879 (GCVE-0-2026-0879)

CVE-2026-0886 (GCVE-0-2026-0886)

CVE-2026-0885 (GCVE-0-2026-0885)

Tags

Sightings

Nomenclature