{"id":"CVE-2026-0879","details":"Sandbox escape due to incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox \u003c 147, Firefox ESR \u003c 115.32, Firefox ESR \u003c 140.7, Thunderbird \u003c 147, and Thunderbird \u003c 140.7.","modified":"2026-04-16T04:39:47.520153696Z","published":"2026-01-13T14:16:38.463Z","related":["ALSA-2026:0667","ALSA-2026:0694","ALSA-2026:0924","ALSA-2026:2220","ALSA-2026:2271","ALSA-2026:2286","SUSE-SU-2026:0122-1","SUSE-SU-2026:0153-1","SUSE-SU-2026:0260-1","SUSE-SU-2026:20086-1","openSUSE-SU-2026:10037-1","openSUSE-SU-2026:10046-1","openSUSE-SU-2026:10058-1","openSUSE-SU-2026:20041-1","openSUSE-SU-2026:20391-1"],"references":[{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2026-01/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2026-02/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2026-03/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2026-04/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2026-05/"},{"type":"REPORT","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2004602"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"115.32.0"}]},{"events":[{"introduced":"0"},{"fixed":"147.0"}]},{"events":[{"introduced":"128.0"},{"fixed":"140.7.0"}]},{"events":[{"introduced":"0"},{"fixed":"140.7.0"}]},{"events":[{"introduced":"0"},{"fixed":"147.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-0879.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}