PatchSiren cyber security CVE debrief
CVE-2026-0880 Mozilla CVE debrief
CVE-2026-0880 is a HIGH severity vulnerability in Mozilla Firefox, Firefox ESR, and Thunderbird. The vulnerability is caused by an integer overflow in the Graphics component, which can lead to a sandbox escape. The vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7. Users should update to the latest version to mitigate the vulnerability. The CVE was published on 2026-01-13 and modified on 2026-06-30.
- Vendor: Mozilla
- Product: Firefox
- CVSS: HIGH 8.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-01-13
- Original CVE updated: 2026-06-30
- Advisory published: 2026-01-13
- Advisory updated: 2026-06-30
Who should care
This vulnerability affects users of Mozilla Firefox, Firefox ESR, and Thunderbird. Users who have not updated to the latest version are at risk of exploitation. Defenders should prioritize patching vulnerable systems, especially those exposed to the internet.
Technical summary
The vulnerability is caused by an integer overflow in the Graphics component of Mozilla Firefox, Firefox ESR, and Thunderbird. This can lead to a sandbox escape, allowing an attacker to execute arbitrary code. The vulnerability has a CVSS score of 8.8 and is considered HIGH severity. The vulnerability was introduced due to a lack of proper bounds checking, allowing an attacker to overflow an integer value and escape the sandbox.
Defensive priority
High priority should be given to patching vulnerable systems, especially those exposed to the internet. Defenders should ensure that all systems are updated to the latest version of Firefox, Firefox ESR, and Thunderbird.
Recommended defensive actions
- Patch vulnerable systems: Update Firefox to version 147, Firefox ESR to version 115.32 or 140.7, and Thunderbird to version 147 or 140.7.
- Verify system updates: Ensure that all systems have been updated to the latest version.
- Monitor system logs: Monitor system logs for any suspicious activity.
- Perform vulnerability scans: Perform regular vulnerability scans to identify vulnerable systems.
- Implement compensating controls: Implement compensating controls, such as network segmentation, to reduce the attack surface.
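The "Verify system updates" step can be automated against a software inventory. The following is an added example, not part of the original debrief or any Mozilla tooling: it classifies installs against the fixed versions listed above. The product labels, the inventory rows, and the rule that a branch with no listed fix counts as unpatched are assumptions made for this example.

```python
import re

# Fixed versions as stated on this page, keyed by product, then release branch (major).
# The product keys are labels assumed for this example.
FIXED = {
    "firefox": {147: (147, 0)},
    "firefox-esr": {115: (115, 32), 140: (140, 7)},
    "thunderbird": {140: (140, 7), 147: (147, 0)},
}
# Plain release strings only, e.g. "147.0" or "140.7.0esr"; betas do not match.
VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(esr)?$", re.IGNORECASE)


def triage(product, version_text):
    """Classify one install as 'patched', 'unpatched' or 'review'."""
    product = product.strip().lower()
    m = VERSION_RE.match(version_text.strip())
    if product not in FIXED or m is None:
        return "review"  # unknown product or pre-release/garbled version
    if m.group(2) and product == "firefox":
        # Assumption: an "esr" suffix under the name Firefox means an ESR install.
        product = "firefox-esr"
    version = tuple(int(p) for p in m.group(1).split("."))
    version += (0,) * max(0, 2 - len(version))  # "147" -> (147, 0)
    branches = FIXED[product]
    major = version[0]
    if major in branches:
        # Tuple comparison: (140, 7, 1) >= (140, 7), but (140, 6, 9) is not.
        return "patched" if version >= branches[major] else "unpatched"
    # Assumption: a branch newer than every fixed branch carries the fix; any
    # other branch has no fixed release listed on the page, so flag it.
    return "patched" if major > max(branches) else "unpatched"


def report(rows):
    """Attach a triage verdict to each (host, product, version) row."""
    return [(h, p, v, triage(p, v)) for h, p, v in rows]


# Constructed sample inventory, not real data.
INVENTORY = [
    ("ws-01", "Firefox", "147.0"),
    ("ws-02", "Firefox", "146.0.1"),
    ("ws-03", "Firefox", "115.31.0esr"),
    ("ws-04", "Firefox-ESR", "140.7.0esr"),
    ("ws-05", "Thunderbird", "140.6.0"),
    ("ws-06", "Firefox", "148.0b3"),
]

if __name__ == "__main__":
    for row in report(INVENTORY):
        print("%-6s %-12s %-12s %s" % row)
```

Rows marked "review" (pre-release builds, unrecognized products) need a manual check rather than an automatic verdict.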
Evidence notes
The CVE-2026-0880 vulnerability was published on 2026-01-13 and modified on 2026-06-30. The vulnerability has a CVSS score of 8.8 and is considered HIGH severity. The vulnerability affects Mozilla Firefox, Firefox ESR, and Thunderbird. The vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.
Official resources
- CVE-2026-0880 CVE record: CVE.org
- CVE-2026-0880 NVD detail: NVD
- Source item URL: nvd_modified
- Source reference: [email protected] - Permissions Required
- Mitigation or vendor reference: [email protected] - Vendor Advisory
- Mitigation or vendor reference: [email protected] - Vendor Advisory
- Mitigation or vendor reference: [email protected] - Vendor Advisory
- Mitigation or vendor reference: [email protected] - Vendor Advisory
- Mitigation or vendor reference: [email protected] - Vendor Advisory
- Source reference: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
This article is AI-assisted and based on the supplied source corpus.