PatchSiren cyber security CVE debrief
CVE-2026-0879 Mozilla CVE debrief
CVE-2026-0879 is a critical vulnerability in Mozilla Firefox, allowing for sandbox escape due to incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7. The vulnerability has a CVSS score of 9.8 and is considered critical. The CVE record was published on January 13, 2026, and last modified on June 30, 2026.
- Vendor
- Mozilla
- Product
- Firefox
- CVSS
- CRITICAL 9.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-01-13
- Original CVE updated
- 2026-06-30
- Advisory published
- 2026-01-13
- Advisory updated
- 2026-06-30
Who should care
Organizations and individuals using Mozilla Firefox, Firefox ESR, Thunderbird, or Thunderbird ESR should prioritize patching this vulnerability to prevent potential sandbox escapes. This vulnerability is particularly concerning due to its critical severity and potential for exploitation.
Technical summary
CVE-2026-0879 is a critical vulnerability in the Graphics component of Mozilla Firefox, allowing for sandbox escape due to incorrect boundary conditions. The vulnerability has a CVSS score of 9.8 and is considered critical. The affected products include Firefox, Firefox ESR, Thunderbird, and Thunderbird ESR. The vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.
Defensive priority
High priority should be given to patching CVE-2026-0879, as it is a critical vulnerability with a high CVSS score. Organizations should ensure that all affected products are updated to the latest versions to prevent potential exploitation.
Recommended defensive actions
- Patch Firefox to version 147 or later
- Patch Firefox ESR to version 115.32 or later
- Patch Firefox ESR to version 140.7 or later
- Patch Thunderbird to version 147 or later
- Patch Thunderbird ESR to version 140.7 or later
Evidence notes
The CVE record was published on January 13, 2026, and last modified on June 30, 2026. The vulnerability has a CVSS score of 9.8 and is considered critical. The affected products include Firefox, Firefox ESR, Thunderbird, and Thunderbird ESR.
Official resources
-
CVE-2026-0879 CVE record
CVE.org
-
CVE-2026-0879 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
[email protected] - Permissions Required
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
-
Source reference
0b0ca135-0b70-47e7-9f44-1890c2a1c46c
This article is AI-assisted and based on the supplied source corpus.