{"id":"CVE-2026-0880","details":"Sandbox escape due to integer overflow in the Graphics component. This vulnerability affects Firefox \u003c 147, Firefox ESR \u003c 115.32, Firefox ESR \u003c 140.7, Thunderbird \u003c 147, and Thunderbird \u003c 140.7.","modified":"2026-04-16T04:39:14.901410159Z","published":"2026-01-13T14:16:38.557Z","related":["ALSA-2026:0667","ALSA-2026:0694","ALSA-2026:0924","ALSA-2026:2220","ALSA-2026:2271","ALSA-2026:2286","SUSE-SU-2026:0122-1","SUSE-SU-2026:0153-1","SUSE-SU-2026:0260-1","SUSE-SU-2026:20086-1","openSUSE-SU-2026:10037-1","openSUSE-SU-2026:10046-1","openSUSE-SU-2026:10058-1","openSUSE-SU-2026:20041-1","openSUSE-SU-2026:20391-1"],"references":[{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2026-03/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2026-04/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2026-05/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2026-01/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2026-02/"},{"type":"REPORT","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2005014"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"115.32.0"}]},{"events":[{"introduced":"0"},{"fixed":"147.0"}]},{"events":[{"introduced":"128.0"},{"fixed":"140.7.0"}]},{"events":[{"introduced":"0"},{"fixed":"140.7.0"}]},{"events":[{"introduced":"0"},{"fixed":"147.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-0880.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}