CVE-2026-0878
EUVD-2026-234013.01.2026, 14:16
Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| mozilla | firefox_esr | 𝑥 < 140.7.0 |
| mozilla | firefox | 𝑥 < 147.0 |
| mozilla | thunderbird_esr | 𝑥 < 140.7.0 |
| mozilla | thunderbird | 𝑥 < 147.0 |
𝑥
= Vulnerable software versions
Debian Releases
Debian Product | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| firefox |
| ||||||||||||||||
| firefox-esr |
| ||||||||||||||||
| thunderbird |
|
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| MozillaFirefox |
| ||||||||||||||||||||||||
| MozillaFirefox-devel |
| ||||||||||||||||||||||||
| MozillaFirefox-translations-common |
| ||||||||||||||||||||||||
| MozillaFirefox-translations-other |
| ||||||||||||||||||||||||
| MozillaThunderbird |
| ||||||||||||||||||||||||
| MozillaThunderbird-translations-common |
| ||||||||||||||||||||||||
| MozillaThunderbird-translations-other |
|
Red Hat Enterprise Linux Releases
Common Weakness Enumeration