Vulnerability-Lookup

CVE-2026-2778 (GCVE-0-2026-2778)

Vulnerability from cvelistv5 – Published: 2026-02-24 13:33 – Updated: 2026-06-30 12:08

Title

Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component

Summary

Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.

Severity

10 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: yes Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Assigner

mozilla

References

34 references

URL	Tags
https://bugzilla.mozilla.org/show_bug.cgi?id=2016358
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://access.redhat.com/security/cve/CVE-2026-2778	vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2442335	issue-trackingx_refsource_REDHAT
https://security.access.redhat.com/data/csaf/v2/v…	x_sadp-csaf-vex
https://access.redhat.com/errata/RHSA-2026:3984	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:3976	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:4260	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:3361	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:3517	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:3338	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:3515	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:3492	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:4432	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:3491	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:3980	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:3495	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:3979	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:3494	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:4022	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:3493	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:3983	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:4152	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:3978	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:3496	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:3981	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:3497	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:3982	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:3339	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:3516	vendor-advisoryx_refsource_REDHAT

Impacted products

22 products

Vendor	Product	Version
Mozilla	Firefox	Unaffected: 115.33 , ≤ 115.* (rpm) Unaffected: 140.8 , ≤ 140.* (rpm) Unaffected: 148 , ≤ * (rpm)
Mozilla	Thunderbird	Unaffected: 140.8 , ≤ 140.* (rpm) Unaffected: 148 , ≤ * (rpm)
Red Hat	Red Hat Enterprise Linux Server (v. 7 ELS)	cpe:/o:redhat:rhel_els:7
Red Hat	Red Hat Enterprise Linux AppStream EUS (v. 10.0)	cpe:/o:redhat:enterprise_linux_eus:10.0
Red Hat	Red Hat Enterprise Linux AppStream (v. 10)	cpe:/o:redhat:enterprise_linux:10.1
Red Hat	Red Hat Enterprise Linux AppStream (v. 8)	cpe:/a:redhat:enterprise_linux:8::appstream
Red Hat	Red Hat Enterprise Linux AppStream AUS (v. 8.2)	cpe:/a:redhat:rhel_aus:8.2::appstream
Red Hat	Red Hat Enterprise Linux AppStream AUS (v.8.4)	cpe:/a:redhat:rhel_aus:8.4::appstream
Red Hat	Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)	cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
Red Hat	Red Hat Enterprise Linux AppStream AUS (v.8.6)	cpe:/a:redhat:rhel_aus:8.6::appstream
Red Hat	Red Hat Enterprise Linux AppStream E4S (v.8.6)	cpe:/a:redhat:rhel_e4s:8.6::appstream
Red Hat	Red Hat Enterprise Linux AppStream TUS (v.8.6)	cpe:/a:redhat:rhel_tus:8.6::appstream
Red Hat	Red Hat Enterprise Linux AppStream E4S (v.8.8)	cpe:/a:redhat:rhel_e4s:8.8::appstream
Red Hat	Red Hat Enterprise Linux AppStream TUS (v.8.8)	cpe:/a:redhat:rhel_tus:8.8::appstream
Red Hat	Red Hat Enterprise Linux AppStream E4S (v.9.0)	cpe:/a:redhat:rhel_e4s:9.0::appstream
Red Hat	Red Hat Enterprise Linux AppStream E4S (v.9.2)	cpe:/a:redhat:rhel_e4s:9.2::appstream
Red Hat	Red Hat Enterprise Linux AppStream EUS (v.9.4)	cpe:/a:redhat:rhel_eus:9.4::appstream
Red Hat	Red Hat Enterprise Linux AppStream EUS (v.9.6)	cpe:/a:redhat:rhel_eus:9.6::appstream
Red Hat	Red Hat Enterprise Linux AppStream (v. 9)	cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat	Red Hat Enterprise Linux 10	cpe:/o:redhat:enterprise_linux:10
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7

Credits

Sajeeb Lohani

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 10,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-2778",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-28T03:17:17.791021Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-119",
                "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-16T14:32:14.511Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:/o:redhat:rhel_els:7"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux Server (v. 7 ELS)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux_eus:10.0"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:10.1"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream (v. 10)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:enterprise_linux:8::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream (v. 8)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_aus:8.2::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_aus:8.4::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_aus:8.6::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:8.6::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_tus:8.6::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:8.8::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream E4S (v.8.8)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_tus:8.8::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream TUS (v.8.8)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:9.0::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:9.2::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_eus:9.4::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_eus:9.6::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:enterprise_linux:9::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream (v. 9)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:10"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux 10",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:6"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux 6",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:7"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux 7",
            "vendor": "Red Hat"
          }
        ],
        "datePublic": "2026-02-24T13:33:13.564Z",
        "descriptions": [
          {
            "lang": "en",
            "value": "A flaw was found in Firefox and Thunderbird. The Mozilla Foundation\u0027s Security Advisory describes the following issue:\nSandbox escape due to incorrect boundary conditions in the DOM: Core \u0026 HTML component"
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "namespace": "https://access.redhat.com/security/updates/classification/",
                "value": "Important"
              },
              "type": "Red Hat severity rating"
            }
          },
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            },
            "format": "CVSS"
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-30T12:08:24.279Z",
          "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
          "shortName": "redhat-SADP"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2026-2778"
          },
          {
            "name": "RHBZ#2442335",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442335"
          },
          {
            "tags": [
              "x_sadp-csaf-vex"
            ],
            "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2778.json"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:3984"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:3976"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:4260"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:3361"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:3517"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:3338"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:3515"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:3492"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:4432"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:3491"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:3980"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:3495"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:3979"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:3494"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:4022"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:3493"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:3983"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:4152"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:3978"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:3496"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:3981"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:3497"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:3982"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:3339"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:3516"
          }
        ],
        "solutions": [
          {
            "lang": "en",
            "value": "RHSA-2026:3984: Red Hat Enterprise Linux Server (v. 7 ELS)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:3976: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:4260: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:3361: Red Hat Enterprise Linux AppStream (v. 10)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:3517: Red Hat Enterprise Linux AppStream (v. 10)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:3338: Red Hat Enterprise Linux AppStream (v. 8)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:3515: Red Hat Enterprise Linux AppStream (v. 8)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:3492: Red Hat Enterprise Linux AppStream AUS (v. 8.2)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:4432: Red Hat Enterprise Linux AppStream AUS (v. 8.2)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:3491: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:3980: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:3495: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:3979: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:3494: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:4022: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:3493: Red Hat Enterprise Linux AppStream E4S (v.9.0)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:3983: Red Hat Enterprise Linux AppStream E4S (v.9.0)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:4152: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:3978: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:3496: Red Hat Enterprise Linux AppStream EUS (v.9.4)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:3981: Red Hat Enterprise Linux AppStream EUS (v.9.4)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:3497: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:3982: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:3339: Red Hat Enterprise Linux AppStream (v. 9)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:3516: Red Hat Enterprise Linux AppStream (v. 9)"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2026-02-24T14:05:18.491Z",
            "value": "Reported to Red Hat."
          },
          {
            "lang": "en",
            "time": "2026-02-24T13:33:13.564Z",
            "value": "Made public."
          }
        ],
        "title": "firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the DOM: Core \u0026 HTML component",
        "x_adpType": "supplier",
        "x_generator": {
          "engine": "sadp-cli 1.0.0"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "115.*",
              "status": "unaffected",
              "version": "115.33",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.8",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "148",
              "versionType": "rpm"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.8",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "148",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Sajeeb Lohani"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Sandbox escape due to incorrect boundary conditions in the DOM: Core \u0026 HTML component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8."
            }
          ],
          "value": "Sandbox escape due to incorrect boundary conditions in the DOM: Core \u0026 HTML component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-13T13:52:53.411Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016358"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-14/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/"
        }
      ],
      "title": "Sandbox escape due to incorrect boundary conditions in the DOM: Core \u0026 HTML component"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2026-2778",
    "datePublished": "2026-02-24T13:33:13.564Z",
    "dateReserved": "2026-02-19T15:06:06.469Z",
    "dateUpdated": "2026-06-30T12:08:24.279Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-2778",
      "date": "2026-06-30",
      "epss": "0.00483",
      "percentile": "0.3799"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-2778\",\"sourceIdentifier\":\"security@mozilla.org\",\"published\":\"2026-02-24T14:16:26.230\",\"lastModified\":\"2026-06-30T03:18:20.000\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Sandbox escape due to incorrect boundary conditions in the DOM: Core \u0026 HTML component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.\"},{\"lang\":\"es\",\"value\":\"Escape de sandbox debido a condiciones de l\u00edmite incorrectas en el DOM: Componente Core y HTML. Esta vulnerabilidad afecta a Firefox \u0026lt; 148, Firefox ESR \u0026lt; 115.33, Firefox ESR \u0026lt; 140.8, Thunderbird \u0026lt; 148, y Thunderbird \u0026lt; 140.8.\"}],\"affected\":[{\"source\":\"security@mozilla.org\",\"affectedData\":[{\"vendor\":\"Mozilla\",\"product\":\"Firefox\",\"versions\":[{\"version\":\"115.33\",\"lessThanOrEqual\":\"115.*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"},{\"version\":\"140.8\",\"lessThanOrEqual\":\"140.*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"},{\"version\":\"148\",\"lessThanOrEqual\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]},{\"vendor\":\"Mozilla\",\"product\":\"Thunderbird\",\"versions\":[{\"version\":\"140.8\",\"lessThanOrEqual\":\"140.*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"},{\"version\":\"148\",\"lessThanOrEqual\":\"*\",\"versionType\":\"rpm\",\"status\":\"unaffected\"}]}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"affectedData\":[{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux Server (v. 7 ELS)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:rhel_els:7\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream EUS (v. 10.0)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux_eus:10.0\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream (v. 10)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:10.1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream (v. 8)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:8::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream AUS (v. 8.2)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_aus:8.2::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream AUS (v.8.4)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_aus:8.4::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream AUS (v.8.6)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_aus:8.6::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream E4S (v.8.6)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_e4s:8.6::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream TUS (v.8.6)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_tus:8.6::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream E4S (v.8.8)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_e4s:8.8::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream TUS (v.8.8)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_tus:8.8::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream E4S (v.9.0)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_e4s:9.0::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream E4S (v.9.2)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_e4s:9.2::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream EUS (v.9.4)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_eus:9.4::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream EUS (v.9.6)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_eus:9.6::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream (v. 9)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:9::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 10\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:10\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 6\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:6\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 7\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:7\"]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":10.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":6.0},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":10.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":6.0},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":5.9}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-02-28T03:17:17.791021Z\",\"id\":\"CVE-2026-2778\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*\",\"versionEndExcluding\":\"115.33.0\",\"matchCriteriaId\":\"1B590E0E-4C6F-4F2A-A0FF-9BEDA1A36D17\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*\",\"versionEndExcluding\":\"148.0\",\"matchCriteriaId\":\"3D8676DB-4A12-41A0-A1A5-2DED97287973\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*\",\"versionStartIncluding\":\"128.0\",\"versionEndExcluding\":\"140.8.0\",\"matchCriteriaId\":\"AE16902C-47B5-438D-A4A5-770C08223931\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*\",\"versionEndExcluding\":\"140.8.0\",\"matchCriteriaId\":\"73228A3D-A71B-497B-A5BA-412FFE9F6F37\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*\",\"versionEndExcluding\":\"148.0\",\"matchCriteriaId\":\"C5EBE90D-1996-4578-B715-605B24E66C59\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=2016358\",\"source\":\"security@mozilla.org\",\"tags\":[\"Issue Tracking\",\"Permissions Required\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2026-13/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2026-14/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2026-15/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2026-16/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2026-17/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3338\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3339\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3361\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3491\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3492\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3493\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3494\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3495\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3496\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3497\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3515\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3516\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3517\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3976\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3978\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3979\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3980\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3981\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3982\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3983\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3984\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:4022\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:4152\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:4260\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:4432\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2026-2778\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2442335\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2778.json\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 10, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-2778\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-02-28T03:17:17.791021Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-119\", \"description\": \"CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-02-28T03:17:39.461Z\"}}], \"cna\": {\"title\": \"Sandbox escape due to incorrect boundary conditions in the DOM: Core \u0026 HTML component\", \"credits\": [{\"lang\": \"en\", \"value\": \"Sajeeb Lohani\"}], \"affected\": [{\"vendor\": \"Mozilla\", \"product\": \"Firefox\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"115.33\", \"versionType\": \"rpm\", \"lessThanOrEqual\": \"115.*\"}, {\"status\": \"unaffected\", \"version\": \"140.8\", \"versionType\": \"rpm\", \"lessThanOrEqual\": \"140.*\"}, {\"status\": \"unaffected\", \"version\": \"148\", \"versionType\": \"rpm\", \"lessThanOrEqual\": \"*\"}]}, {\"vendor\": \"Mozilla\", \"product\": \"Thunderbird\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"140.8\", \"versionType\": \"rpm\", \"lessThanOrEqual\": \"140.*\"}, {\"status\": \"unaffected\", \"version\": \"148\", \"versionType\": \"rpm\", \"lessThanOrEqual\": \"*\"}]}], \"references\": [{\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=2016358\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2026-13/\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2026-14/\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2026-15/\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2026-16/\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2026-17/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Sandbox escape due to incorrect boundary conditions in the DOM: Core \u0026 HTML component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Sandbox escape due to incorrect boundary conditions in the DOM: Core \u0026 HTML component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"f16b083a-5664-49f3-a51e-8d479e5ed7fe\", \"shortName\": \"mozilla\", \"dateUpdated\": \"2026-04-13T13:52:53.411Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-2778\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-16T14:32:14.511Z\", \"dateReserved\": \"2026-02-19T15:06:06.469Z\", \"assignerOrgId\": \"f16b083a-5664-49f3-a51e-8d479e5ed7fe\", \"datePublished\": \"2026-02-24T13:33:13.564Z\", \"assignerShortName\": \"mozilla\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

alsa-2026:3338

Vulnerability from osv_almalinux

Published

2026-02-25 00:00

Modified

2026-03-02 12:54

Summary

Important: firefox security update

Details

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

Security Fix(es):

libvpx: Heap buffer overflow in libvpx (CVE-2026-2447)
firefox: Invalid pointer in the JavaScript Engine component (CVE-2026-2785)
firefox: Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 (CVE-2026-2793)
firefox: Undefined behavior in the DOM: Core & HTML component (CVE-2026-2771)
firefox: Integer overflow in the Audio/Video component (CVE-2026-2774)
firefox: Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software (CVE-2026-2776)
firefox: Integer overflow in the Libraries component in NSS (CVE-2026-2781)
firefox: Use-after-free in the JavaScript Engine: JIT component (CVE-2026-2766)
firefox: Use-after-free in the Storage: IndexedDB component (CVE-2026-2769)
firefox: Use-after-free in the DOM: Window and Location component (CVE-2026-2787)
firefox: Sandbox escape in the Storage: IndexedDB component (CVE-2026-2768)
firefox: Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component (CVE-2026-2783)
firefox: Incorrect boundary conditions in the Audio/Video: GMP component (CVE-2026-2788)
firefox: Mitigation bypass in the DOM: Security component (CVE-2026-2784)
firefox: Incorrect boundary conditions in the Graphics: ImageLib component (CVE-2026-2759)
firefox: Integer overflow in the JavaScript: Standard Library component (CVE-2026-2762)
firefox: Sandbox escape in the Graphics: WebRender component (CVE-2026-2761)
firefox: Privilege escalation in the Messaging System component (CVE-2026-2777)
firefox: Same-origin policy bypass in the Networking: JAR component (CVE-2026-2790)
firefox: Mitigation bypass in the DOM: HTML Parser component (CVE-2026-2775)
firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2763)
firefox: Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 (CVE-2026-2792)
firefox: Incorrect boundary conditions in the Web Audio component (CVE-2026-2773)
firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2786)
firefox: Use-after-free in the Graphics: ImageLib component (CVE-2026-2789)
firefox: thunderbird: Incorrect boundary conditions in the WebRTC: Audio/Video component (CVE-2026-2757)
firefox: Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component (CVE-2026-2760)
firefox: Use-after-free in the Audio/Video: Playback component (CVE-2026-2772)
firefox: Incorrect boundary conditions in the Networking: JAR component (CVE-2026-2779)
firefox: Use-after-free in the JavaScript: WebAssembly component (CVE-2026-2767)
firefox: JIT miscompilation, use-after-free in the JavaScript Engine: JIT component (CVE-2026-2764)
firefox: Privilege escalation in the Netmonitor component (CVE-2026-2782)
firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2765)
firefox: Privilege escalation in the Netmonitor component (CVE-2026-2780)
firefox: Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component (CVE-2026-2778)
firefox: Use-after-free in the JavaScript: GC component (CVE-2026-2758)
firefox: Mitigation bypass in the Networking: Cache component (CVE-2026-2791)
firefox: Use-after-free in the DOM: Bindings (WebIDL) component (CVE-2026-2770)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2026:3338	ADVISORY
	https://access.redhat.com/security/cve/CVE-2026-2447	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2757	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2758	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2759	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2760	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2761	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2762	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2763	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2764	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2765	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2766	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2767	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2768	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2769	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2770	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2771	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2772	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2773	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2774	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2775	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2776	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2777	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2778	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2779	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2780	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2781	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2782	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2783	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2784	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2785	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2786	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2787	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2788	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2789	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2790	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2791	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2792	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2793	REPORT
	https://bugzilla.redhat.com/2440219	REPORT
	https://bugzilla.redhat.com/2442284	REPORT
	https://bugzilla.redhat.com/2442287	REPORT
	https://bugzilla.redhat.com/2442288	REPORT
	https://bugzilla.redhat.com/2442290	REPORT
	https://bugzilla.redhat.com/2442291	REPORT
	https://bugzilla.redhat.com/2442292	REPORT
	https://bugzilla.redhat.com/2442294	REPORT
	https://bugzilla.redhat.com/2442295	REPORT
	https://bugzilla.redhat.com/2442297	REPORT
	https://bugzilla.redhat.com/2442298	REPORT
	https://bugzilla.redhat.com/2442300	REPORT
	https://bugzilla.redhat.com/2442302	REPORT
	https://bugzilla.redhat.com/2442304	REPORT
	https://bugzilla.redhat.com/2442307	REPORT
	https://bugzilla.redhat.com/2442308	REPORT
	https://bugzilla.redhat.com/2442309	REPORT
	https://bugzilla.redhat.com/2442312	REPORT
	https://bugzilla.redhat.com/2442313	REPORT
	https://bugzilla.redhat.com/2442314	REPORT
	https://bugzilla.redhat.com/2442316	REPORT
	https://bugzilla.redhat.com/2442318	REPORT
	https://bugzilla.redhat.com/2442319	REPORT
	https://bugzilla.redhat.com/2442320	REPORT
	https://bugzilla.redhat.com/2442322	REPORT
	https://bugzilla.redhat.com/2442324	REPORT
	https://bugzilla.redhat.com/2442325	REPORT
	https://bugzilla.redhat.com/2442326	REPORT
	https://bugzilla.redhat.com/2442327	REPORT
	https://bugzilla.redhat.com/2442328	REPORT
	https://bugzilla.redhat.com/2442329	REPORT
	https://bugzilla.redhat.com/2442331	REPORT
	https://bugzilla.redhat.com/2442333	REPORT
	https://bugzilla.redhat.com/2442334	REPORT
	https://bugzilla.redhat.com/2442335	REPORT
	https://bugzilla.redhat.com/2442337	REPORT
	https://bugzilla.redhat.com/2442342	REPORT
	https://bugzilla.redhat.com/2442343	REPORT
	https://errata.almalinux.org/8/ALSA-2026-3338.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "firefox"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "140.8.0-2.el8_10.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.  \n\nSecurity Fix(es):  \n\n  * libvpx: Heap buffer overflow in libvpx (CVE-2026-2447)\n  * firefox: Invalid pointer in the JavaScript Engine component (CVE-2026-2785)\n  * firefox: Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 (CVE-2026-2793)\n  * firefox: Undefined behavior in the DOM: Core \u0026 HTML component (CVE-2026-2771)\n  * firefox: Integer overflow in the Audio/Video component (CVE-2026-2774)\n  * firefox: Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software (CVE-2026-2776)\n  * firefox: Integer overflow in the Libraries component in NSS (CVE-2026-2781)\n  * firefox: Use-after-free in the JavaScript Engine: JIT component (CVE-2026-2766)\n  * firefox: Use-after-free in the Storage: IndexedDB component (CVE-2026-2769)\n  * firefox: Use-after-free in the DOM: Window and Location component (CVE-2026-2787)\n  * firefox: Sandbox escape in the Storage: IndexedDB component (CVE-2026-2768)\n  * firefox: Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component (CVE-2026-2783)\n  * firefox: Incorrect boundary conditions in the Audio/Video: GMP component (CVE-2026-2788)\n  * firefox: Mitigation bypass in the DOM: Security component (CVE-2026-2784)\n  * firefox: Incorrect boundary conditions in the Graphics: ImageLib component (CVE-2026-2759)\n  * firefox: Integer overflow in the JavaScript: Standard Library component (CVE-2026-2762)\n  * firefox: Sandbox escape in the Graphics: WebRender component (CVE-2026-2761)\n  * firefox: Privilege escalation in the Messaging System component (CVE-2026-2777)\n  * firefox: Same-origin policy bypass in the Networking: JAR component (CVE-2026-2790)\n  * firefox: Mitigation bypass in the DOM: HTML Parser component (CVE-2026-2775)\n  * firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2763)\n  * firefox: Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 (CVE-2026-2792)\n  * firefox: Incorrect boundary conditions in the Web Audio component (CVE-2026-2773)\n  * firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2786)\n  * firefox: Use-after-free in the Graphics: ImageLib component (CVE-2026-2789)\n  * firefox: thunderbird: Incorrect boundary conditions in the WebRTC: Audio/Video component (CVE-2026-2757)\n  * firefox: Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component (CVE-2026-2760)\n  * firefox: Use-after-free in the Audio/Video: Playback component (CVE-2026-2772)\n  * firefox: Incorrect boundary conditions in the Networking: JAR component (CVE-2026-2779)\n  * firefox: Use-after-free in the JavaScript: WebAssembly component (CVE-2026-2767)\n  * firefox: JIT miscompilation, use-after-free in the JavaScript Engine: JIT component (CVE-2026-2764)\n  * firefox: Privilege escalation in the Netmonitor component (CVE-2026-2782)\n  * firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2765)\n  * firefox: Privilege escalation in the Netmonitor component (CVE-2026-2780)\n  * firefox: Sandbox escape due to incorrect boundary conditions in the DOM: Core \u0026 HTML component (CVE-2026-2778)\n  * firefox: Use-after-free in the JavaScript: GC component (CVE-2026-2758)\n  * firefox: Mitigation bypass in the Networking: Cache component (CVE-2026-2791)\n  * firefox: Use-after-free in the DOM: Bindings (WebIDL) component (CVE-2026-2770)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
  "id": "ALSA-2026:3338",
  "modified": "2026-03-02T12:54:29Z",
  "published": "2026-02-25T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:3338"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2447"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2757"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2758"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2759"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2760"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2761"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2762"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2763"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2764"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2765"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2766"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2767"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2768"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2769"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2770"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2771"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2772"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2773"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2774"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2775"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2776"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2777"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2778"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2779"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2780"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2781"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2782"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2783"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2784"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2785"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2786"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2787"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2788"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2789"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2790"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2791"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2792"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2793"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2440219"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442284"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442287"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442288"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442290"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442291"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442292"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442294"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442295"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442297"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442298"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442300"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442302"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442304"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442307"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442308"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442309"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442312"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442313"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442314"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442316"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442318"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442319"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442320"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442322"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442324"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442325"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442326"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442327"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442328"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442329"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442331"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442333"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442334"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442335"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442337"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442342"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442343"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2026-3338.html"
    }
  ],
  "related": [
    "CVE-2026-2447",
    "CVE-2026-2785",
    "CVE-2026-2793",
    "CVE-2026-2771",
    "CVE-2026-2774",
    "CVE-2026-2776",
    "CVE-2026-2781",
    "CVE-2026-2766",
    "CVE-2026-2769",
    "CVE-2026-2787",
    "CVE-2026-2768",
    "CVE-2026-2783",
    "CVE-2026-2788",
    "CVE-2026-2784",
    "CVE-2026-2759",
    "CVE-2026-2762",
    "CVE-2026-2761",
    "CVE-2026-2777",
    "CVE-2026-2790",
    "CVE-2026-2775",
    "CVE-2026-2763",
    "CVE-2026-2792",
    "CVE-2026-2773",
    "CVE-2026-2786",
    "CVE-2026-2789",
    "CVE-2026-2757",
    "CVE-2026-2760",
    "CVE-2026-2772",
    "CVE-2026-2779",
    "CVE-2026-2767",
    "CVE-2026-2764",
    "CVE-2026-2782",
    "CVE-2026-2765",
    "CVE-2026-2780",
    "CVE-2026-2778",
    "CVE-2026-2758",
    "CVE-2026-2791",
    "CVE-2026-2770"
  ],
  "summary": "Important: firefox security update"
}

alsa-2026:3339

Vulnerability from osv_almalinux

Published

2026-02-25 00:00

Modified

2026-02-26 10:21

Summary

Important: firefox security update

Details

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

Security Fix(es):

libvpx: Heap buffer overflow in libvpx (CVE-2026-2447)
firefox: Invalid pointer in the JavaScript Engine component (CVE-2026-2785)
firefox: Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 (CVE-2026-2793)
firefox: Undefined behavior in the DOM: Core & HTML component (CVE-2026-2771)
firefox: Integer overflow in the Audio/Video component (CVE-2026-2774)
firefox: Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software (CVE-2026-2776)
firefox: Integer overflow in the Libraries component in NSS (CVE-2026-2781)
firefox: Use-after-free in the JavaScript Engine: JIT component (CVE-2026-2766)
firefox: Use-after-free in the Storage: IndexedDB component (CVE-2026-2769)
firefox: Use-after-free in the DOM: Window and Location component (CVE-2026-2787)
firefox: Sandbox escape in the Storage: IndexedDB component (CVE-2026-2768)
firefox: Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component (CVE-2026-2783)
firefox: Incorrect boundary conditions in the Audio/Video: GMP component (CVE-2026-2788)
firefox: Mitigation bypass in the DOM: Security component (CVE-2026-2784)
firefox: Incorrect boundary conditions in the Graphics: ImageLib component (CVE-2026-2759)
firefox: Integer overflow in the JavaScript: Standard Library component (CVE-2026-2762)
firefox: Sandbox escape in the Graphics: WebRender component (CVE-2026-2761)
firefox: Privilege escalation in the Messaging System component (CVE-2026-2777)
firefox: Same-origin policy bypass in the Networking: JAR component (CVE-2026-2790)
firefox: Mitigation bypass in the DOM: HTML Parser component (CVE-2026-2775)
firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2763)
firefox: Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 (CVE-2026-2792)
firefox: Incorrect boundary conditions in the Web Audio component (CVE-2026-2773)
firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2786)
firefox: Use-after-free in the Graphics: ImageLib component (CVE-2026-2789)
firefox: thunderbird: Incorrect boundary conditions in the WebRTC: Audio/Video component (CVE-2026-2757)
firefox: Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component (CVE-2026-2760)
firefox: Use-after-free in the Audio/Video: Playback component (CVE-2026-2772)
firefox: Incorrect boundary conditions in the Networking: JAR component (CVE-2026-2779)
firefox: Use-after-free in the JavaScript: WebAssembly component (CVE-2026-2767)
firefox: JIT miscompilation, use-after-free in the JavaScript Engine: JIT component (CVE-2026-2764)
firefox: Privilege escalation in the Netmonitor component (CVE-2026-2782)
firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2765)
firefox: Privilege escalation in the Netmonitor component (CVE-2026-2780)
firefox: Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component (CVE-2026-2778)
firefox: Use-after-free in the JavaScript: GC component (CVE-2026-2758)
firefox: Mitigation bypass in the Networking: Cache component (CVE-2026-2791)
firefox: Use-after-free in the DOM: Bindings (WebIDL) component (CVE-2026-2770)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2026:3339	ADVISORY
	https://access.redhat.com/security/cve/CVE-2026-2447	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2757	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2758	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2759	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2760	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2761	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2762	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2763	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2764	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2765	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2766	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2767	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2768	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2769	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2770	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2771	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2772	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2773	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2774	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2775	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2776	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2777	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2778	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2779	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2780	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2781	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2782	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2783	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2784	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2785	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2786	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2787	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2788	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2789	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2790	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2791	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2792	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2793	REPORT
	https://bugzilla.redhat.com/2440219	REPORT
	https://bugzilla.redhat.com/2442284	REPORT
	https://bugzilla.redhat.com/2442287	REPORT
	https://bugzilla.redhat.com/2442288	REPORT
	https://bugzilla.redhat.com/2442290	REPORT
	https://bugzilla.redhat.com/2442291	REPORT
	https://bugzilla.redhat.com/2442292	REPORT
	https://bugzilla.redhat.com/2442294	REPORT
	https://bugzilla.redhat.com/2442295	REPORT
	https://bugzilla.redhat.com/2442297	REPORT
	https://bugzilla.redhat.com/2442298	REPORT
	https://bugzilla.redhat.com/2442300	REPORT
	https://bugzilla.redhat.com/2442302	REPORT
	https://bugzilla.redhat.com/2442304	REPORT
	https://bugzilla.redhat.com/2442307	REPORT
	https://bugzilla.redhat.com/2442308	REPORT
	https://bugzilla.redhat.com/2442309	REPORT
	https://bugzilla.redhat.com/2442312	REPORT
	https://bugzilla.redhat.com/2442313	REPORT
	https://bugzilla.redhat.com/2442314	REPORT
	https://bugzilla.redhat.com/2442316	REPORT
	https://bugzilla.redhat.com/2442318	REPORT
	https://bugzilla.redhat.com/2442319	REPORT
	https://bugzilla.redhat.com/2442320	REPORT
	https://bugzilla.redhat.com/2442322	REPORT
	https://bugzilla.redhat.com/2442324	REPORT
	https://bugzilla.redhat.com/2442325	REPORT
	https://bugzilla.redhat.com/2442326	REPORT
	https://bugzilla.redhat.com/2442327	REPORT
	https://bugzilla.redhat.com/2442328	REPORT
	https://bugzilla.redhat.com/2442329	REPORT
	https://bugzilla.redhat.com/2442331	REPORT
	https://bugzilla.redhat.com/2442333	REPORT
	https://bugzilla.redhat.com/2442334	REPORT
	https://bugzilla.redhat.com/2442335	REPORT
	https://bugzilla.redhat.com/2442337	REPORT
	https://bugzilla.redhat.com/2442342	REPORT
	https://bugzilla.redhat.com/2442343	REPORT
	https://errata.almalinux.org/9/ALSA-2026-3339.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "firefox"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "140.8.0-2.el9_7.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "firefox-x11"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "140.8.0-2.el9_7.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.  \n\nSecurity Fix(es):  \n\n  * libvpx: Heap buffer overflow in libvpx (CVE-2026-2447)\n  * firefox: Invalid pointer in the JavaScript Engine component (CVE-2026-2785)\n  * firefox: Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 (CVE-2026-2793)\n  * firefox: Undefined behavior in the DOM: Core \u0026 HTML component (CVE-2026-2771)\n  * firefox: Integer overflow in the Audio/Video component (CVE-2026-2774)\n  * firefox: Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software (CVE-2026-2776)\n  * firefox: Integer overflow in the Libraries component in NSS (CVE-2026-2781)\n  * firefox: Use-after-free in the JavaScript Engine: JIT component (CVE-2026-2766)\n  * firefox: Use-after-free in the Storage: IndexedDB component (CVE-2026-2769)\n  * firefox: Use-after-free in the DOM: Window and Location component (CVE-2026-2787)\n  * firefox: Sandbox escape in the Storage: IndexedDB component (CVE-2026-2768)\n  * firefox: Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component (CVE-2026-2783)\n  * firefox: Incorrect boundary conditions in the Audio/Video: GMP component (CVE-2026-2788)\n  * firefox: Mitigation bypass in the DOM: Security component (CVE-2026-2784)\n  * firefox: Incorrect boundary conditions in the Graphics: ImageLib component (CVE-2026-2759)\n  * firefox: Integer overflow in the JavaScript: Standard Library component (CVE-2026-2762)\n  * firefox: Sandbox escape in the Graphics: WebRender component (CVE-2026-2761)\n  * firefox: Privilege escalation in the Messaging System component (CVE-2026-2777)\n  * firefox: Same-origin policy bypass in the Networking: JAR component (CVE-2026-2790)\n  * firefox: Mitigation bypass in the DOM: HTML Parser component (CVE-2026-2775)\n  * firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2763)\n  * firefox: Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 (CVE-2026-2792)\n  * firefox: Incorrect boundary conditions in the Web Audio component (CVE-2026-2773)\n  * firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2786)\n  * firefox: Use-after-free in the Graphics: ImageLib component (CVE-2026-2789)\n  * firefox: thunderbird: Incorrect boundary conditions in the WebRTC: Audio/Video component (CVE-2026-2757)\n  * firefox: Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component (CVE-2026-2760)\n  * firefox: Use-after-free in the Audio/Video: Playback component (CVE-2026-2772)\n  * firefox: Incorrect boundary conditions in the Networking: JAR component (CVE-2026-2779)\n  * firefox: Use-after-free in the JavaScript: WebAssembly component (CVE-2026-2767)\n  * firefox: JIT miscompilation, use-after-free in the JavaScript Engine: JIT component (CVE-2026-2764)\n  * firefox: Privilege escalation in the Netmonitor component (CVE-2026-2782)\n  * firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2765)\n  * firefox: Privilege escalation in the Netmonitor component (CVE-2026-2780)\n  * firefox: Sandbox escape due to incorrect boundary conditions in the DOM: Core \u0026 HTML component (CVE-2026-2778)\n  * firefox: Use-after-free in the JavaScript: GC component (CVE-2026-2758)\n  * firefox: Mitigation bypass in the Networking: Cache component (CVE-2026-2791)\n  * firefox: Use-after-free in the DOM: Bindings (WebIDL) component (CVE-2026-2770)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
  "id": "ALSA-2026:3339",
  "modified": "2026-02-26T10:21:52Z",
  "published": "2026-02-25T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:3339"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2447"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2757"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2758"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2759"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2760"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2761"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2762"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2763"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2764"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2765"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2766"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2767"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2768"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2769"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2770"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2771"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2772"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2773"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2774"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2775"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2776"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2777"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2778"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2779"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2780"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2781"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2782"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2783"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2784"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2785"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2786"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2787"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2788"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2789"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2790"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2791"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2792"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2793"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2440219"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442284"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442287"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442288"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442290"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442291"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442292"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442294"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442295"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442297"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442298"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442300"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442302"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442304"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442307"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442308"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442309"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442312"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442313"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442314"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442316"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442318"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442319"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442320"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442322"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442324"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442325"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442326"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442327"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442328"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442329"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442331"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442333"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442334"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442335"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442337"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442342"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442343"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/9/ALSA-2026-3339.html"
    }
  ],
  "related": [
    "CVE-2026-2447",
    "CVE-2026-2785",
    "CVE-2026-2793",
    "CVE-2026-2771",
    "CVE-2026-2774",
    "CVE-2026-2776",
    "CVE-2026-2781",
    "CVE-2026-2766",
    "CVE-2026-2769",
    "CVE-2026-2787",
    "CVE-2026-2768",
    "CVE-2026-2783",
    "CVE-2026-2788",
    "CVE-2026-2784",
    "CVE-2026-2759",
    "CVE-2026-2762",
    "CVE-2026-2761",
    "CVE-2026-2777",
    "CVE-2026-2790",
    "CVE-2026-2775",
    "CVE-2026-2763",
    "CVE-2026-2792",
    "CVE-2026-2773",
    "CVE-2026-2786",
    "CVE-2026-2789",
    "CVE-2026-2757",
    "CVE-2026-2760",
    "CVE-2026-2772",
    "CVE-2026-2779",
    "CVE-2026-2767",
    "CVE-2026-2764",
    "CVE-2026-2782",
    "CVE-2026-2765",
    "CVE-2026-2780",
    "CVE-2026-2778",
    "CVE-2026-2758",
    "CVE-2026-2791",
    "CVE-2026-2770"
  ],
  "summary": "Important: firefox security update"
}

alsa-2026:3361

Vulnerability from osv_almalinux

Published

2026-02-25 00:00

Modified

2026-02-26 10:18

Summary

Important: firefox security update

Details

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

Security Fix(es):

libvpx: Heap buffer overflow in libvpx (CVE-2026-2447)
firefox: Invalid pointer in the JavaScript Engine component (CVE-2026-2785)
firefox: Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 (CVE-2026-2793)
firefox: Undefined behavior in the DOM: Core & HTML component (CVE-2026-2771)
firefox: Integer overflow in the Audio/Video component (CVE-2026-2774)
firefox: Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software (CVE-2026-2776)
firefox: Integer overflow in the Libraries component in NSS (CVE-2026-2781)
firefox: Use-after-free in the JavaScript Engine: JIT component (CVE-2026-2766)
firefox: Use-after-free in the Storage: IndexedDB component (CVE-2026-2769)
firefox: Use-after-free in the DOM: Window and Location component (CVE-2026-2787)
firefox: Sandbox escape in the Storage: IndexedDB component (CVE-2026-2768)
firefox: Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component (CVE-2026-2783)
firefox: Incorrect boundary conditions in the Audio/Video: GMP component (CVE-2026-2788)
firefox: Mitigation bypass in the DOM: Security component (CVE-2026-2784)
firefox: Incorrect boundary conditions in the Graphics: ImageLib component (CVE-2026-2759)
firefox: Integer overflow in the JavaScript: Standard Library component (CVE-2026-2762)
firefox: Sandbox escape in the Graphics: WebRender component (CVE-2026-2761)
firefox: Privilege escalation in the Messaging System component (CVE-2026-2777)
firefox: Same-origin policy bypass in the Networking: JAR component (CVE-2026-2790)
firefox: Mitigation bypass in the DOM: HTML Parser component (CVE-2026-2775)
firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2763)
firefox: Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 (CVE-2026-2792)
firefox: Incorrect boundary conditions in the Web Audio component (CVE-2026-2773)
firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2786)
firefox: Use-after-free in the Graphics: ImageLib component (CVE-2026-2789)
firefox: thunderbird: Incorrect boundary conditions in the WebRTC: Audio/Video component (CVE-2026-2757)
firefox: Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component (CVE-2026-2760)
firefox: Use-after-free in the Audio/Video: Playback component (CVE-2026-2772)
firefox: Incorrect boundary conditions in the Networking: JAR component (CVE-2026-2779)
firefox: Use-after-free in the JavaScript: WebAssembly component (CVE-2026-2767)
firefox: JIT miscompilation, use-after-free in the JavaScript Engine: JIT component (CVE-2026-2764)
firefox: Privilege escalation in the Netmonitor component (CVE-2026-2782)
firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2765)
firefox: Privilege escalation in the Netmonitor component (CVE-2026-2780)
firefox: Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component (CVE-2026-2778)
firefox: Use-after-free in the JavaScript: GC component (CVE-2026-2758)
firefox: Mitigation bypass in the Networking: Cache component (CVE-2026-2791)
firefox: Use-after-free in the DOM: Bindings (WebIDL) component (CVE-2026-2770)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2026:3361	ADVISORY
	https://access.redhat.com/security/cve/CVE-2026-2447	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2757	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2758	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2759	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2760	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2761	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2762	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2763	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2764	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2765	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2766	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2767	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2768	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2769	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2770	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2771	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2772	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2773	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2774	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2775	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2776	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2777	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2778	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2779	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2780	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2781	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2782	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2783	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2784	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2785	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2786	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2787	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2788	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2789	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2790	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2791	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2792	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2793	REPORT
	https://bugzilla.redhat.com/2440219	REPORT
	https://bugzilla.redhat.com/2442284	REPORT
	https://bugzilla.redhat.com/2442287	REPORT
	https://bugzilla.redhat.com/2442288	REPORT
	https://bugzilla.redhat.com/2442290	REPORT
	https://bugzilla.redhat.com/2442291	REPORT
	https://bugzilla.redhat.com/2442292	REPORT
	https://bugzilla.redhat.com/2442294	REPORT
	https://bugzilla.redhat.com/2442295	REPORT
	https://bugzilla.redhat.com/2442297	REPORT
	https://bugzilla.redhat.com/2442298	REPORT
	https://bugzilla.redhat.com/2442300	REPORT
	https://bugzilla.redhat.com/2442302	REPORT
	https://bugzilla.redhat.com/2442304	REPORT
	https://bugzilla.redhat.com/2442307	REPORT
	https://bugzilla.redhat.com/2442308	REPORT
	https://bugzilla.redhat.com/2442309	REPORT
	https://bugzilla.redhat.com/2442312	REPORT
	https://bugzilla.redhat.com/2442313	REPORT
	https://bugzilla.redhat.com/2442314	REPORT
	https://bugzilla.redhat.com/2442316	REPORT
	https://bugzilla.redhat.com/2442318	REPORT
	https://bugzilla.redhat.com/2442319	REPORT
	https://bugzilla.redhat.com/2442320	REPORT
	https://bugzilla.redhat.com/2442322	REPORT
	https://bugzilla.redhat.com/2442324	REPORT
	https://bugzilla.redhat.com/2442325	REPORT
	https://bugzilla.redhat.com/2442326	REPORT
	https://bugzilla.redhat.com/2442327	REPORT
	https://bugzilla.redhat.com/2442328	REPORT
	https://bugzilla.redhat.com/2442329	REPORT
	https://bugzilla.redhat.com/2442331	REPORT
	https://bugzilla.redhat.com/2442333	REPORT
	https://bugzilla.redhat.com/2442334	REPORT
	https://bugzilla.redhat.com/2442335	REPORT
	https://bugzilla.redhat.com/2442337	REPORT
	https://bugzilla.redhat.com/2442342	REPORT
	https://bugzilla.redhat.com/2442343	REPORT
	https://errata.almalinux.org/10/ALSA-2026-3361.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "firefox"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "140.8.0-2.el10_1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.  \n\nSecurity Fix(es):  \n\n  * libvpx: Heap buffer overflow in libvpx (CVE-2026-2447)\n  * firefox: Invalid pointer in the JavaScript Engine component (CVE-2026-2785)\n  * firefox: Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 (CVE-2026-2793)\n  * firefox: Undefined behavior in the DOM: Core \u0026 HTML component (CVE-2026-2771)\n  * firefox: Integer overflow in the Audio/Video component (CVE-2026-2774)\n  * firefox: Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software (CVE-2026-2776)\n  * firefox: Integer overflow in the Libraries component in NSS (CVE-2026-2781)\n  * firefox: Use-after-free in the JavaScript Engine: JIT component (CVE-2026-2766)\n  * firefox: Use-after-free in the Storage: IndexedDB component (CVE-2026-2769)\n  * firefox: Use-after-free in the DOM: Window and Location component (CVE-2026-2787)\n  * firefox: Sandbox escape in the Storage: IndexedDB component (CVE-2026-2768)\n  * firefox: Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component (CVE-2026-2783)\n  * firefox: Incorrect boundary conditions in the Audio/Video: GMP component (CVE-2026-2788)\n  * firefox: Mitigation bypass in the DOM: Security component (CVE-2026-2784)\n  * firefox: Incorrect boundary conditions in the Graphics: ImageLib component (CVE-2026-2759)\n  * firefox: Integer overflow in the JavaScript: Standard Library component (CVE-2026-2762)\n  * firefox: Sandbox escape in the Graphics: WebRender component (CVE-2026-2761)\n  * firefox: Privilege escalation in the Messaging System component (CVE-2026-2777)\n  * firefox: Same-origin policy bypass in the Networking: JAR component (CVE-2026-2790)\n  * firefox: Mitigation bypass in the DOM: HTML Parser component (CVE-2026-2775)\n  * firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2763)\n  * firefox: Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 (CVE-2026-2792)\n  * firefox: Incorrect boundary conditions in the Web Audio component (CVE-2026-2773)\n  * firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2786)\n  * firefox: Use-after-free in the Graphics: ImageLib component (CVE-2026-2789)\n  * firefox: thunderbird: Incorrect boundary conditions in the WebRTC: Audio/Video component (CVE-2026-2757)\n  * firefox: Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component (CVE-2026-2760)\n  * firefox: Use-after-free in the Audio/Video: Playback component (CVE-2026-2772)\n  * firefox: Incorrect boundary conditions in the Networking: JAR component (CVE-2026-2779)\n  * firefox: Use-after-free in the JavaScript: WebAssembly component (CVE-2026-2767)\n  * firefox: JIT miscompilation, use-after-free in the JavaScript Engine: JIT component (CVE-2026-2764)\n  * firefox: Privilege escalation in the Netmonitor component (CVE-2026-2782)\n  * firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2765)\n  * firefox: Privilege escalation in the Netmonitor component (CVE-2026-2780)\n  * firefox: Sandbox escape due to incorrect boundary conditions in the DOM: Core \u0026 HTML component (CVE-2026-2778)\n  * firefox: Use-after-free in the JavaScript: GC component (CVE-2026-2758)\n  * firefox: Mitigation bypass in the Networking: Cache component (CVE-2026-2791)\n  * firefox: Use-after-free in the DOM: Bindings (WebIDL) component (CVE-2026-2770)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
  "id": "ALSA-2026:3361",
  "modified": "2026-02-26T10:18:27Z",
  "published": "2026-02-25T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:3361"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2447"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2757"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2758"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2759"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2760"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2761"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2762"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2763"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2764"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2765"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2766"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2767"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2768"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2769"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2770"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2771"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2772"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2773"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2774"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2775"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2776"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2777"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2778"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2779"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2780"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2781"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2782"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2783"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2784"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2785"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2786"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2787"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2788"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2789"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2790"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2791"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2792"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2793"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2440219"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442284"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442287"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442288"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442290"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442291"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442292"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442294"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442295"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442297"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442298"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442300"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442302"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442304"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442307"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442308"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442309"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442312"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442313"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442314"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442316"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442318"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442319"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442320"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442322"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442324"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442325"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442326"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442327"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442328"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442329"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442331"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442333"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442334"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442335"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442337"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442342"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442343"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/10/ALSA-2026-3361.html"
    }
  ],
  "related": [
    "CVE-2026-2447",
    "CVE-2026-2785",
    "CVE-2026-2793",
    "CVE-2026-2771",
    "CVE-2026-2774",
    "CVE-2026-2776",
    "CVE-2026-2781",
    "CVE-2026-2766",
    "CVE-2026-2769",
    "CVE-2026-2787",
    "CVE-2026-2768",
    "CVE-2026-2783",
    "CVE-2026-2788",
    "CVE-2026-2784",
    "CVE-2026-2759",
    "CVE-2026-2762",
    "CVE-2026-2761",
    "CVE-2026-2777",
    "CVE-2026-2790",
    "CVE-2026-2775",
    "CVE-2026-2763",
    "CVE-2026-2792",
    "CVE-2026-2773",
    "CVE-2026-2786",
    "CVE-2026-2789",
    "CVE-2026-2757",
    "CVE-2026-2760",
    "CVE-2026-2772",
    "CVE-2026-2779",
    "CVE-2026-2767",
    "CVE-2026-2764",
    "CVE-2026-2782",
    "CVE-2026-2765",
    "CVE-2026-2780",
    "CVE-2026-2778",
    "CVE-2026-2758",
    "CVE-2026-2791",
    "CVE-2026-2770"
  ],
  "summary": "Important: firefox security update"
}

alsa-2026:3515

Vulnerability from osv_almalinux

Published

2026-03-02 00:00

Modified

2026-03-04 11:54

Summary

Important: thunderbird security update

Details

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

libvpx: Heap buffer overflow in libvpx (CVE-2026-2447)
firefox: Invalid pointer in the JavaScript Engine component (CVE-2026-2785)
firefox: Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 (CVE-2026-2793)
firefox: Undefined behavior in the DOM: Core & HTML component (CVE-2026-2771)
firefox: Integer overflow in the Audio/Video component (CVE-2026-2774)
firefox: Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software (CVE-2026-2776)
firefox: Integer overflow in the Libraries component in NSS (CVE-2026-2781)
firefox: Use-after-free in the JavaScript Engine: JIT component (CVE-2026-2766)
firefox: Use-after-free in the Storage: IndexedDB component (CVE-2026-2769)
firefox: Use-after-free in the DOM: Window and Location component (CVE-2026-2787)
firefox: Sandbox escape in the Storage: IndexedDB component (CVE-2026-2768)
firefox: Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component (CVE-2026-2783)
firefox: Incorrect boundary conditions in the Audio/Video: GMP component (CVE-2026-2788)
firefox: Mitigation bypass in the DOM: Security component (CVE-2026-2784)
firefox: Incorrect boundary conditions in the Graphics: ImageLib component (CVE-2026-2759)
firefox: Integer overflow in the JavaScript: Standard Library component (CVE-2026-2762)
firefox: Sandbox escape in the Graphics: WebRender component (CVE-2026-2761)
firefox: Privilege escalation in the Messaging System component (CVE-2026-2777)
firefox: Same-origin policy bypass in the Networking: JAR component (CVE-2026-2790)
firefox: Mitigation bypass in the DOM: HTML Parser component (CVE-2026-2775)
firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2763)
firefox: Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 (CVE-2026-2792)
firefox: Incorrect boundary conditions in the Web Audio component (CVE-2026-2773)
firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2786)
firefox: Use-after-free in the Graphics: ImageLib component (CVE-2026-2789)
firefox: thunderbird: Incorrect boundary conditions in the WebRTC: Audio/Video component (CVE-2026-2757)
firefox: Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component (CVE-2026-2760)
firefox: Use-after-free in the Audio/Video: Playback component (CVE-2026-2772)
firefox: Incorrect boundary conditions in the Networking: JAR component (CVE-2026-2779)
firefox: Use-after-free in the JavaScript: WebAssembly component (CVE-2026-2767)
firefox: JIT miscompilation, use-after-free in the JavaScript Engine: JIT component (CVE-2026-2764)
firefox: Privilege escalation in the Netmonitor component (CVE-2026-2782)
firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2765)
firefox: Privilege escalation in the Netmonitor component (CVE-2026-2780)
firefox: Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component (CVE-2026-2778)
firefox: Use-after-free in the JavaScript: GC component (CVE-2026-2758)
firefox: Mitigation bypass in the Networking: Cache component (CVE-2026-2791)
firefox: Use-after-free in the DOM: Bindings (WebIDL) component (CVE-2026-2770)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2026:3515	ADVISORY
	https://access.redhat.com/security/cve/CVE-2026-2447	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2757	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2758	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2759	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2760	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2761	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2762	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2763	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2764	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2765	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2766	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2767	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2768	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2769	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2770	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2771	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2772	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2773	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2774	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2775	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2776	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2777	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2778	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2779	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2780	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2781	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2782	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2783	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2784	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2785	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2786	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2787	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2788	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2789	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2790	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2791	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2792	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2793	REPORT
	https://bugzilla.redhat.com/2440219	REPORT
	https://bugzilla.redhat.com/2442284	REPORT
	https://bugzilla.redhat.com/2442287	REPORT
	https://bugzilla.redhat.com/2442288	REPORT
	https://bugzilla.redhat.com/2442290	REPORT
	https://bugzilla.redhat.com/2442291	REPORT
	https://bugzilla.redhat.com/2442292	REPORT
	https://bugzilla.redhat.com/2442294	REPORT
	https://bugzilla.redhat.com/2442295	REPORT
	https://bugzilla.redhat.com/2442297	REPORT
	https://bugzilla.redhat.com/2442298	REPORT
	https://bugzilla.redhat.com/2442300	REPORT
	https://bugzilla.redhat.com/2442302	REPORT
	https://bugzilla.redhat.com/2442304	REPORT
	https://bugzilla.redhat.com/2442307	REPORT
	https://bugzilla.redhat.com/2442308	REPORT
	https://bugzilla.redhat.com/2442309	REPORT
	https://bugzilla.redhat.com/2442312	REPORT
	https://bugzilla.redhat.com/2442313	REPORT
	https://bugzilla.redhat.com/2442314	REPORT
	https://bugzilla.redhat.com/2442316	REPORT
	https://bugzilla.redhat.com/2442318	REPORT
	https://bugzilla.redhat.com/2442319	REPORT
	https://bugzilla.redhat.com/2442320	REPORT
	https://bugzilla.redhat.com/2442322	REPORT
	https://bugzilla.redhat.com/2442324	REPORT
	https://bugzilla.redhat.com/2442325	REPORT
	https://bugzilla.redhat.com/2442326	REPORT
	https://bugzilla.redhat.com/2442327	REPORT
	https://bugzilla.redhat.com/2442328	REPORT
	https://bugzilla.redhat.com/2442329	REPORT
	https://bugzilla.redhat.com/2442331	REPORT
	https://bugzilla.redhat.com/2442333	REPORT
	https://bugzilla.redhat.com/2442334	REPORT
	https://bugzilla.redhat.com/2442335	REPORT
	https://bugzilla.redhat.com/2442337	REPORT
	https://bugzilla.redhat.com/2442342	REPORT
	https://bugzilla.redhat.com/2442343	REPORT
	https://errata.almalinux.org/8/ALSA-2026-3515.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "thunderbird"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "140.8.0-1.el8_10.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Mozilla Thunderbird is a standalone mail and newsgroup client.  \n\nSecurity Fix(es):  \n\n  * libvpx: Heap buffer overflow in libvpx (CVE-2026-2447)\n  * firefox: Invalid pointer in the JavaScript Engine component (CVE-2026-2785)\n  * firefox: Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 (CVE-2026-2793)\n  * firefox: Undefined behavior in the DOM: Core \u0026 HTML component (CVE-2026-2771)\n  * firefox: Integer overflow in the Audio/Video component (CVE-2026-2774)\n  * firefox: Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software (CVE-2026-2776)\n  * firefox: Integer overflow in the Libraries component in NSS (CVE-2026-2781)\n  * firefox: Use-after-free in the JavaScript Engine: JIT component (CVE-2026-2766)\n  * firefox: Use-after-free in the Storage: IndexedDB component (CVE-2026-2769)\n  * firefox: Use-after-free in the DOM: Window and Location component (CVE-2026-2787)\n  * firefox: Sandbox escape in the Storage: IndexedDB component (CVE-2026-2768)\n  * firefox: Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component (CVE-2026-2783)\n  * firefox: Incorrect boundary conditions in the Audio/Video: GMP component (CVE-2026-2788)\n  * firefox: Mitigation bypass in the DOM: Security component (CVE-2026-2784)\n  * firefox: Incorrect boundary conditions in the Graphics: ImageLib component (CVE-2026-2759)\n  * firefox: Integer overflow in the JavaScript: Standard Library component (CVE-2026-2762)\n  * firefox: Sandbox escape in the Graphics: WebRender component (CVE-2026-2761)\n  * firefox: Privilege escalation in the Messaging System component (CVE-2026-2777)\n  * firefox: Same-origin policy bypass in the Networking: JAR component (CVE-2026-2790)\n  * firefox: Mitigation bypass in the DOM: HTML Parser component (CVE-2026-2775)\n  * firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2763)\n  * firefox: Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 (CVE-2026-2792)\n  * firefox: Incorrect boundary conditions in the Web Audio component (CVE-2026-2773)\n  * firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2786)\n  * firefox: Use-after-free in the Graphics: ImageLib component (CVE-2026-2789)\n  * firefox: thunderbird: Incorrect boundary conditions in the WebRTC: Audio/Video component (CVE-2026-2757)\n  * firefox: Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component (CVE-2026-2760)\n  * firefox: Use-after-free in the Audio/Video: Playback component (CVE-2026-2772)\n  * firefox: Incorrect boundary conditions in the Networking: JAR component (CVE-2026-2779)\n  * firefox: Use-after-free in the JavaScript: WebAssembly component (CVE-2026-2767)\n  * firefox: JIT miscompilation, use-after-free in the JavaScript Engine: JIT component (CVE-2026-2764)\n  * firefox: Privilege escalation in the Netmonitor component (CVE-2026-2782)\n  * firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2765)\n  * firefox: Privilege escalation in the Netmonitor component (CVE-2026-2780)\n  * firefox: Sandbox escape due to incorrect boundary conditions in the DOM: Core \u0026 HTML component (CVE-2026-2778)\n  * firefox: Use-after-free in the JavaScript: GC component (CVE-2026-2758)\n  * firefox: Mitigation bypass in the Networking: Cache component (CVE-2026-2791)\n  * firefox: Use-after-free in the DOM: Bindings (WebIDL) component (CVE-2026-2770)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
  "id": "ALSA-2026:3515",
  "modified": "2026-03-04T11:54:18Z",
  "published": "2026-03-02T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:3515"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2447"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2757"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2758"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2759"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2760"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2761"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2762"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2763"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2764"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2765"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2766"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2767"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2768"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2769"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2770"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2771"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2772"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2773"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2774"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2775"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2776"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2777"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2778"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2779"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2780"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2781"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2782"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2783"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2784"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2785"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2786"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2787"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2788"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2789"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2790"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2791"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2792"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2793"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2440219"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442284"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442287"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442288"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442290"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442291"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442292"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442294"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442295"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442297"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442298"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442300"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442302"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442304"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442307"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442308"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442309"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442312"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442313"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442314"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442316"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442318"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442319"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442320"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442322"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442324"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442325"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442326"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442327"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442328"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442329"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442331"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442333"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442334"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442335"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442337"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442342"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442343"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2026-3515.html"
    }
  ],
  "related": [
    "CVE-2026-2447",
    "CVE-2026-2785",
    "CVE-2026-2793",
    "CVE-2026-2771",
    "CVE-2026-2774",
    "CVE-2026-2776",
    "CVE-2026-2781",
    "CVE-2026-2766",
    "CVE-2026-2769",
    "CVE-2026-2787",
    "CVE-2026-2768",
    "CVE-2026-2783",
    "CVE-2026-2788",
    "CVE-2026-2784",
    "CVE-2026-2759",
    "CVE-2026-2762",
    "CVE-2026-2761",
    "CVE-2026-2777",
    "CVE-2026-2790",
    "CVE-2026-2775",
    "CVE-2026-2763",
    "CVE-2026-2792",
    "CVE-2026-2773",
    "CVE-2026-2786",
    "CVE-2026-2789",
    "CVE-2026-2757",
    "CVE-2026-2760",
    "CVE-2026-2772",
    "CVE-2026-2779",
    "CVE-2026-2767",
    "CVE-2026-2764",
    "CVE-2026-2782",
    "CVE-2026-2765",
    "CVE-2026-2780",
    "CVE-2026-2778",
    "CVE-2026-2758",
    "CVE-2026-2791",
    "CVE-2026-2770"
  ],
  "summary": "Important: thunderbird security update"
}

alsa-2026:3516

Vulnerability from osv_almalinux

Published

2026-03-02 00:00

Modified

2026-03-04 10:23

Summary

Important: thunderbird security update

Details

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

libvpx: Heap buffer overflow in libvpx (CVE-2026-2447)
firefox: Invalid pointer in the JavaScript Engine component (CVE-2026-2785)
firefox: Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 (CVE-2026-2793)
firefox: Undefined behavior in the DOM: Core & HTML component (CVE-2026-2771)
firefox: Integer overflow in the Audio/Video component (CVE-2026-2774)
firefox: Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software (CVE-2026-2776)
firefox: Integer overflow in the Libraries component in NSS (CVE-2026-2781)
firefox: Use-after-free in the JavaScript Engine: JIT component (CVE-2026-2766)
firefox: Use-after-free in the Storage: IndexedDB component (CVE-2026-2769)
firefox: Use-after-free in the DOM: Window and Location component (CVE-2026-2787)
firefox: Sandbox escape in the Storage: IndexedDB component (CVE-2026-2768)
firefox: Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component (CVE-2026-2783)
firefox: Incorrect boundary conditions in the Audio/Video: GMP component (CVE-2026-2788)
firefox: Mitigation bypass in the DOM: Security component (CVE-2026-2784)
firefox: Incorrect boundary conditions in the Graphics: ImageLib component (CVE-2026-2759)
firefox: Integer overflow in the JavaScript: Standard Library component (CVE-2026-2762)
firefox: Sandbox escape in the Graphics: WebRender component (CVE-2026-2761)
firefox: Privilege escalation in the Messaging System component (CVE-2026-2777)
firefox: Same-origin policy bypass in the Networking: JAR component (CVE-2026-2790)
firefox: Mitigation bypass in the DOM: HTML Parser component (CVE-2026-2775)
firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2763)
firefox: Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 (CVE-2026-2792)
firefox: Incorrect boundary conditions in the Web Audio component (CVE-2026-2773)
firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2786)
firefox: Use-after-free in the Graphics: ImageLib component (CVE-2026-2789)
firefox: thunderbird: Incorrect boundary conditions in the WebRTC: Audio/Video component (CVE-2026-2757)
firefox: Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component (CVE-2026-2760)
firefox: Use-after-free in the Audio/Video: Playback component (CVE-2026-2772)
firefox: Incorrect boundary conditions in the Networking: JAR component (CVE-2026-2779)
firefox: Use-after-free in the JavaScript: WebAssembly component (CVE-2026-2767)
firefox: JIT miscompilation, use-after-free in the JavaScript Engine: JIT component (CVE-2026-2764)
firefox: Privilege escalation in the Netmonitor component (CVE-2026-2782)
firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2765)
firefox: Privilege escalation in the Netmonitor component (CVE-2026-2780)
firefox: Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component (CVE-2026-2778)
firefox: Use-after-free in the JavaScript: GC component (CVE-2026-2758)
firefox: Mitigation bypass in the Networking: Cache component (CVE-2026-2791)
firefox: Use-after-free in the DOM: Bindings (WebIDL) component (CVE-2026-2770)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2026:3516	ADVISORY
	https://access.redhat.com/security/cve/CVE-2026-2447	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2757	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2758	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2759	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2760	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2761	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2762	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2763	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2764	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2765	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2766	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2767	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2768	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2769	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2770	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2771	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2772	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2773	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2774	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2775	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2776	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2777	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2778	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2779	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2780	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2781	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2782	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2783	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2784	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2785	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2786	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2787	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2788	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2789	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2790	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2791	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2792	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2793	REPORT
	https://bugzilla.redhat.com/2440219	REPORT
	https://bugzilla.redhat.com/2442284	REPORT
	https://bugzilla.redhat.com/2442287	REPORT
	https://bugzilla.redhat.com/2442288	REPORT
	https://bugzilla.redhat.com/2442290	REPORT
	https://bugzilla.redhat.com/2442291	REPORT
	https://bugzilla.redhat.com/2442292	REPORT
	https://bugzilla.redhat.com/2442294	REPORT
	https://bugzilla.redhat.com/2442295	REPORT
	https://bugzilla.redhat.com/2442297	REPORT
	https://bugzilla.redhat.com/2442298	REPORT
	https://bugzilla.redhat.com/2442300	REPORT
	https://bugzilla.redhat.com/2442302	REPORT
	https://bugzilla.redhat.com/2442304	REPORT
	https://bugzilla.redhat.com/2442307	REPORT
	https://bugzilla.redhat.com/2442308	REPORT
	https://bugzilla.redhat.com/2442309	REPORT
	https://bugzilla.redhat.com/2442312	REPORT
	https://bugzilla.redhat.com/2442313	REPORT
	https://bugzilla.redhat.com/2442314	REPORT
	https://bugzilla.redhat.com/2442316	REPORT
	https://bugzilla.redhat.com/2442318	REPORT
	https://bugzilla.redhat.com/2442319	REPORT
	https://bugzilla.redhat.com/2442320	REPORT
	https://bugzilla.redhat.com/2442322	REPORT
	https://bugzilla.redhat.com/2442324	REPORT
	https://bugzilla.redhat.com/2442325	REPORT
	https://bugzilla.redhat.com/2442326	REPORT
	https://bugzilla.redhat.com/2442327	REPORT
	https://bugzilla.redhat.com/2442328	REPORT
	https://bugzilla.redhat.com/2442329	REPORT
	https://bugzilla.redhat.com/2442331	REPORT
	https://bugzilla.redhat.com/2442333	REPORT
	https://bugzilla.redhat.com/2442334	REPORT
	https://bugzilla.redhat.com/2442335	REPORT
	https://bugzilla.redhat.com/2442337	REPORT
	https://bugzilla.redhat.com/2442342	REPORT
	https://bugzilla.redhat.com/2442343	REPORT
	https://errata.almalinux.org/9/ALSA-2026-3516.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "thunderbird"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "140.8.0-1.el9_7.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Mozilla Thunderbird is a standalone mail and newsgroup client.  \n\nSecurity Fix(es):  \n\n  * libvpx: Heap buffer overflow in libvpx (CVE-2026-2447)\n  * firefox: Invalid pointer in the JavaScript Engine component (CVE-2026-2785)\n  * firefox: Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 (CVE-2026-2793)\n  * firefox: Undefined behavior in the DOM: Core \u0026 HTML component (CVE-2026-2771)\n  * firefox: Integer overflow in the Audio/Video component (CVE-2026-2774)\n  * firefox: Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software (CVE-2026-2776)\n  * firefox: Integer overflow in the Libraries component in NSS (CVE-2026-2781)\n  * firefox: Use-after-free in the JavaScript Engine: JIT component (CVE-2026-2766)\n  * firefox: Use-after-free in the Storage: IndexedDB component (CVE-2026-2769)\n  * firefox: Use-after-free in the DOM: Window and Location component (CVE-2026-2787)\n  * firefox: Sandbox escape in the Storage: IndexedDB component (CVE-2026-2768)\n  * firefox: Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component (CVE-2026-2783)\n  * firefox: Incorrect boundary conditions in the Audio/Video: GMP component (CVE-2026-2788)\n  * firefox: Mitigation bypass in the DOM: Security component (CVE-2026-2784)\n  * firefox: Incorrect boundary conditions in the Graphics: ImageLib component (CVE-2026-2759)\n  * firefox: Integer overflow in the JavaScript: Standard Library component (CVE-2026-2762)\n  * firefox: Sandbox escape in the Graphics: WebRender component (CVE-2026-2761)\n  * firefox: Privilege escalation in the Messaging System component (CVE-2026-2777)\n  * firefox: Same-origin policy bypass in the Networking: JAR component (CVE-2026-2790)\n  * firefox: Mitigation bypass in the DOM: HTML Parser component (CVE-2026-2775)\n  * firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2763)\n  * firefox: Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 (CVE-2026-2792)\n  * firefox: Incorrect boundary conditions in the Web Audio component (CVE-2026-2773)\n  * firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2786)\n  * firefox: Use-after-free in the Graphics: ImageLib component (CVE-2026-2789)\n  * firefox: thunderbird: Incorrect boundary conditions in the WebRTC: Audio/Video component (CVE-2026-2757)\n  * firefox: Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component (CVE-2026-2760)\n  * firefox: Use-after-free in the Audio/Video: Playback component (CVE-2026-2772)\n  * firefox: Incorrect boundary conditions in the Networking: JAR component (CVE-2026-2779)\n  * firefox: Use-after-free in the JavaScript: WebAssembly component (CVE-2026-2767)\n  * firefox: JIT miscompilation, use-after-free in the JavaScript Engine: JIT component (CVE-2026-2764)\n  * firefox: Privilege escalation in the Netmonitor component (CVE-2026-2782)\n  * firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2765)\n  * firefox: Privilege escalation in the Netmonitor component (CVE-2026-2780)\n  * firefox: Sandbox escape due to incorrect boundary conditions in the DOM: Core \u0026 HTML component (CVE-2026-2778)\n  * firefox: Use-after-free in the JavaScript: GC component (CVE-2026-2758)\n  * firefox: Mitigation bypass in the Networking: Cache component (CVE-2026-2791)\n  * firefox: Use-after-free in the DOM: Bindings (WebIDL) component (CVE-2026-2770)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
  "id": "ALSA-2026:3516",
  "modified": "2026-03-04T10:23:48Z",
  "published": "2026-03-02T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:3516"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2447"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2757"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2758"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2759"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2760"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2761"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2762"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2763"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2764"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2765"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2766"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2767"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2768"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2769"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2770"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2771"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2772"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2773"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2774"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2775"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2776"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2777"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2778"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2779"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2780"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2781"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2782"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2783"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2784"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2785"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2786"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2787"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2788"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2789"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2790"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2791"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2792"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2793"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2440219"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442284"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442287"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442288"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442290"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442291"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442292"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442294"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442295"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442297"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442298"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442300"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442302"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442304"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442307"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442308"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442309"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442312"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442313"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442314"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442316"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442318"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442319"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442320"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442322"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442324"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442325"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442326"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442327"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442328"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442329"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442331"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442333"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442334"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442335"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442337"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442342"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442343"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/9/ALSA-2026-3516.html"
    }
  ],
  "related": [
    "CVE-2026-2447",
    "CVE-2026-2785",
    "CVE-2026-2793",
    "CVE-2026-2771",
    "CVE-2026-2774",
    "CVE-2026-2776",
    "CVE-2026-2781",
    "CVE-2026-2766",
    "CVE-2026-2769",
    "CVE-2026-2787",
    "CVE-2026-2768",
    "CVE-2026-2783",
    "CVE-2026-2788",
    "CVE-2026-2784",
    "CVE-2026-2759",
    "CVE-2026-2762",
    "CVE-2026-2761",
    "CVE-2026-2777",
    "CVE-2026-2790",
    "CVE-2026-2775",
    "CVE-2026-2763",
    "CVE-2026-2792",
    "CVE-2026-2773",
    "CVE-2026-2786",
    "CVE-2026-2789",
    "CVE-2026-2757",
    "CVE-2026-2760",
    "CVE-2026-2772",
    "CVE-2026-2779",
    "CVE-2026-2767",
    "CVE-2026-2764",
    "CVE-2026-2782",
    "CVE-2026-2765",
    "CVE-2026-2780",
    "CVE-2026-2778",
    "CVE-2026-2758",
    "CVE-2026-2791",
    "CVE-2026-2770"
  ],
  "summary": "Important: thunderbird security update"
}

alsa-2026:3517

Vulnerability from osv_almalinux

Published

2026-03-02 00:00

Modified

2026-03-05 07:45

Summary

Important: thunderbird security update

Details

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

libvpx: Heap buffer overflow in libvpx (CVE-2026-2447)
firefox: Invalid pointer in the JavaScript Engine component (CVE-2026-2785)
firefox: Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 (CVE-2026-2793)
firefox: Undefined behavior in the DOM: Core & HTML component (CVE-2026-2771)
firefox: Integer overflow in the Audio/Video component (CVE-2026-2774)
firefox: Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software (CVE-2026-2776)
firefox: Integer overflow in the Libraries component in NSS (CVE-2026-2781)
firefox: Use-after-free in the JavaScript Engine: JIT component (CVE-2026-2766)
firefox: Use-after-free in the Storage: IndexedDB component (CVE-2026-2769)
firefox: Use-after-free in the DOM: Window and Location component (CVE-2026-2787)
firefox: Sandbox escape in the Storage: IndexedDB component (CVE-2026-2768)
firefox: Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component (CVE-2026-2783)
firefox: Incorrect boundary conditions in the Audio/Video: GMP component (CVE-2026-2788)
firefox: Mitigation bypass in the DOM: Security component (CVE-2026-2784)
firefox: Incorrect boundary conditions in the Graphics: ImageLib component (CVE-2026-2759)
firefox: Integer overflow in the JavaScript: Standard Library component (CVE-2026-2762)
firefox: Sandbox escape in the Graphics: WebRender component (CVE-2026-2761)
firefox: Privilege escalation in the Messaging System component (CVE-2026-2777)
firefox: Same-origin policy bypass in the Networking: JAR component (CVE-2026-2790)
firefox: Mitigation bypass in the DOM: HTML Parser component (CVE-2026-2775)
firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2763)
firefox: Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 (CVE-2026-2792)
firefox: Incorrect boundary conditions in the Web Audio component (CVE-2026-2773)
firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2786)
firefox: Use-after-free in the Graphics: ImageLib component (CVE-2026-2789)
firefox: thunderbird: Incorrect boundary conditions in the WebRTC: Audio/Video component (CVE-2026-2757)
firefox: Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component (CVE-2026-2760)
firefox: Use-after-free in the Audio/Video: Playback component (CVE-2026-2772)
firefox: Incorrect boundary conditions in the Networking: JAR component (CVE-2026-2779)
firefox: Use-after-free in the JavaScript: WebAssembly component (CVE-2026-2767)
firefox: JIT miscompilation, use-after-free in the JavaScript Engine: JIT component (CVE-2026-2764)
firefox: Privilege escalation in the Netmonitor component (CVE-2026-2782)
firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2765)
firefox: Privilege escalation in the Netmonitor component (CVE-2026-2780)
firefox: Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component (CVE-2026-2778)
firefox: Use-after-free in the JavaScript: GC component (CVE-2026-2758)
firefox: Mitigation bypass in the Networking: Cache component (CVE-2026-2791)
firefox: Use-after-free in the DOM: Bindings (WebIDL) component (CVE-2026-2770)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2026:3517	ADVISORY
	https://access.redhat.com/security/cve/CVE-2026-2447	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2757	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2758	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2759	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2760	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2761	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2762	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2763	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2764	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2765	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2766	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2767	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2768	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2769	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2770	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2771	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2772	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2773	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2774	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2775	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2776	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2777	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2778	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2779	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2780	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2781	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2782	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2783	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2784	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2785	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2786	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2787	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2788	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2789	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2790	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2791	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2792	REPORT
	https://access.redhat.com/security/cve/CVE-2026-2793	REPORT
	https://bugzilla.redhat.com/2440219	REPORT
	https://bugzilla.redhat.com/2442284	REPORT
	https://bugzilla.redhat.com/2442287	REPORT
	https://bugzilla.redhat.com/2442288	REPORT
	https://bugzilla.redhat.com/2442290	REPORT
	https://bugzilla.redhat.com/2442291	REPORT
	https://bugzilla.redhat.com/2442292	REPORT
	https://bugzilla.redhat.com/2442294	REPORT
	https://bugzilla.redhat.com/2442295	REPORT
	https://bugzilla.redhat.com/2442297	REPORT
	https://bugzilla.redhat.com/2442298	REPORT
	https://bugzilla.redhat.com/2442300	REPORT
	https://bugzilla.redhat.com/2442302	REPORT
	https://bugzilla.redhat.com/2442304	REPORT
	https://bugzilla.redhat.com/2442307	REPORT
	https://bugzilla.redhat.com/2442308	REPORT
	https://bugzilla.redhat.com/2442309	REPORT
	https://bugzilla.redhat.com/2442312	REPORT
	https://bugzilla.redhat.com/2442313	REPORT
	https://bugzilla.redhat.com/2442314	REPORT
	https://bugzilla.redhat.com/2442316	REPORT
	https://bugzilla.redhat.com/2442318	REPORT
	https://bugzilla.redhat.com/2442319	REPORT
	https://bugzilla.redhat.com/2442320	REPORT
	https://bugzilla.redhat.com/2442322	REPORT
	https://bugzilla.redhat.com/2442324	REPORT
	https://bugzilla.redhat.com/2442325	REPORT
	https://bugzilla.redhat.com/2442326	REPORT
	https://bugzilla.redhat.com/2442327	REPORT
	https://bugzilla.redhat.com/2442328	REPORT
	https://bugzilla.redhat.com/2442329	REPORT
	https://bugzilla.redhat.com/2442331	REPORT
	https://bugzilla.redhat.com/2442333	REPORT
	https://bugzilla.redhat.com/2442334	REPORT
	https://bugzilla.redhat.com/2442335	REPORT
	https://bugzilla.redhat.com/2442337	REPORT
	https://bugzilla.redhat.com/2442342	REPORT
	https://bugzilla.redhat.com/2442343	REPORT
	https://errata.almalinux.org/10/ALSA-2026-3517.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "thunderbird"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "140.8.0-2.el10_1.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Mozilla Thunderbird is a standalone mail and newsgroup client.  \n\nSecurity Fix(es):  \n\n  * libvpx: Heap buffer overflow in libvpx (CVE-2026-2447)\n  * firefox: Invalid pointer in the JavaScript Engine component (CVE-2026-2785)\n  * firefox: Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 (CVE-2026-2793)\n  * firefox: Undefined behavior in the DOM: Core \u0026 HTML component (CVE-2026-2771)\n  * firefox: Integer overflow in the Audio/Video component (CVE-2026-2774)\n  * firefox: Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software (CVE-2026-2776)\n  * firefox: Integer overflow in the Libraries component in NSS (CVE-2026-2781)\n  * firefox: Use-after-free in the JavaScript Engine: JIT component (CVE-2026-2766)\n  * firefox: Use-after-free in the Storage: IndexedDB component (CVE-2026-2769)\n  * firefox: Use-after-free in the DOM: Window and Location component (CVE-2026-2787)\n  * firefox: Sandbox escape in the Storage: IndexedDB component (CVE-2026-2768)\n  * firefox: Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component (CVE-2026-2783)\n  * firefox: Incorrect boundary conditions in the Audio/Video: GMP component (CVE-2026-2788)\n  * firefox: Mitigation bypass in the DOM: Security component (CVE-2026-2784)\n  * firefox: Incorrect boundary conditions in the Graphics: ImageLib component (CVE-2026-2759)\n  * firefox: Integer overflow in the JavaScript: Standard Library component (CVE-2026-2762)\n  * firefox: Sandbox escape in the Graphics: WebRender component (CVE-2026-2761)\n  * firefox: Privilege escalation in the Messaging System component (CVE-2026-2777)\n  * firefox: Same-origin policy bypass in the Networking: JAR component (CVE-2026-2790)\n  * firefox: Mitigation bypass in the DOM: HTML Parser component (CVE-2026-2775)\n  * firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2763)\n  * firefox: Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 (CVE-2026-2792)\n  * firefox: Incorrect boundary conditions in the Web Audio component (CVE-2026-2773)\n  * firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2786)\n  * firefox: Use-after-free in the Graphics: ImageLib component (CVE-2026-2789)\n  * firefox: thunderbird: Incorrect boundary conditions in the WebRTC: Audio/Video component (CVE-2026-2757)\n  * firefox: Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component (CVE-2026-2760)\n  * firefox: Use-after-free in the Audio/Video: Playback component (CVE-2026-2772)\n  * firefox: Incorrect boundary conditions in the Networking: JAR component (CVE-2026-2779)\n  * firefox: Use-after-free in the JavaScript: WebAssembly component (CVE-2026-2767)\n  * firefox: JIT miscompilation, use-after-free in the JavaScript Engine: JIT component (CVE-2026-2764)\n  * firefox: Privilege escalation in the Netmonitor component (CVE-2026-2782)\n  * firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2765)\n  * firefox: Privilege escalation in the Netmonitor component (CVE-2026-2780)\n  * firefox: Sandbox escape due to incorrect boundary conditions in the DOM: Core \u0026 HTML component (CVE-2026-2778)\n  * firefox: Use-after-free in the JavaScript: GC component (CVE-2026-2758)\n  * firefox: Mitigation bypass in the Networking: Cache component (CVE-2026-2791)\n  * firefox: Use-after-free in the DOM: Bindings (WebIDL) component (CVE-2026-2770)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
  "id": "ALSA-2026:3517",
  "modified": "2026-03-05T07:45:44Z",
  "published": "2026-03-02T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:3517"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2447"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2757"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2758"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2759"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2760"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2761"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2762"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2763"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2764"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2765"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2766"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2767"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2768"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2769"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2770"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2771"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2772"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2773"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2774"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2775"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2776"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2777"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2778"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2779"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2780"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2781"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2782"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2783"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2784"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2785"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2786"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2787"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2788"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2789"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2790"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2791"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2792"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2793"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2440219"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442284"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442287"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442288"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442290"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442291"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442292"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442294"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442295"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442297"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442298"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442300"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442302"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442304"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442307"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442308"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442309"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442312"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442313"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442314"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442316"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442318"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442319"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442320"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442322"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442324"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442325"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442326"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442327"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442328"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442329"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442331"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442333"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442334"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442335"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442337"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442342"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2442343"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/10/ALSA-2026-3517.html"
    }
  ],
  "related": [
    "CVE-2026-2447",
    "CVE-2026-2785",
    "CVE-2026-2793",
    "CVE-2026-2771",
    "CVE-2026-2774",
    "CVE-2026-2776",
    "CVE-2026-2781",
    "CVE-2026-2766",
    "CVE-2026-2769",
    "CVE-2026-2787",
    "CVE-2026-2768",
    "CVE-2026-2783",
    "CVE-2026-2788",
    "CVE-2026-2784",
    "CVE-2026-2759",
    "CVE-2026-2762",
    "CVE-2026-2761",
    "CVE-2026-2777",
    "CVE-2026-2790",
    "CVE-2026-2775",
    "CVE-2026-2763",
    "CVE-2026-2792",
    "CVE-2026-2773",
    "CVE-2026-2786",
    "CVE-2026-2789",
    "CVE-2026-2757",
    "CVE-2026-2760",
    "CVE-2026-2772",
    "CVE-2026-2779",
    "CVE-2026-2767",
    "CVE-2026-2764",
    "CVE-2026-2782",
    "CVE-2026-2765",
    "CVE-2026-2780",
    "CVE-2026-2778",
    "CVE-2026-2758",
    "CVE-2026-2791",
    "CVE-2026-2770"
  ],
  "summary": "Important: thunderbird security update"
}

CERTFR-2026-AVI-0204

Vulnerability from certfr_avis - Published: 2026-02-25 - Updated: 2026-02-25

De multiples vulnérabilités ont été découvertes dans les produits Mozilla. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Mozilla	Firefox	Firefox pour iOS versions antérieures à 147.4
Mozilla	Thunderbird	Thunderbird versions antérieures à 140.8
Mozilla	Firefox	Firefox versions antérieures à 148
Mozilla	Firefox ESR	Firefox ESR versions antérieures à 115.33
Mozilla	Thunderbird	Thunderbird versions antérieures à 148
Mozilla	Firefox ESR	Firefox ESR versions antérieures à 140.8

References

Title

Publication Time

CNVD-2026-20775

Vulnerability from cnvd - Published: 2026-05-19

Title

多款Mozilla产品缓冲区溢出漏洞（CNVD-2026-20775）

Description

Mozilla Firefox是一款开源Web浏览器。Mozilla Firefox ESR是Firefox（Web浏览器）的一个延长支持版本。Mozilla Thunderbird是一套从Mozilla Application Suite独立出来的电子邮件客户端软件。多款Mozilla产品存在缓冲区溢出漏洞，该漏洞是由于DOM:Core和HTML组件的边界检查不当造成的。攻击者可利用该漏洞导致沙箱逃逸。

Severity

高

Patch Name

多款Mozilla产品缓冲区溢出漏洞（CNVD-2026-20775）的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.mozilla.org/security/advisories/mfsa2026-13/

Reference

https://bugzilla.mozilla.org/show_bug.cgi?id=2016358

Impacted products

Name
['Mozilla Firefox <148', 'Mozilla Firefox ESR <115.33', 'Mozilla Firefox ESR <140.8', 'Mozilla Thunderbird <148', 'Mozilla Thunderbird <140.8']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2026-2778",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2026-2778"
    }
  },
  "description": "Mozilla Firefox\u662f\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\u3002Mozilla Firefox ESR\u662fFirefox\uff08Web\u6d4f\u89c8\u5668\uff09\u7684\u4e00\u4e2a\u5ef6\u957f\u652f\u6301\u7248\u672c\u3002Mozilla Thunderbird\u662f\u4e00\u5957\u4eceMozilla Application Suite\u72ec\u7acb\u51fa\u6765\u7684\u7535\u5b50\u90ae\u4ef6\u5ba2\u6237\u7aef\u8f6f\u4ef6\u3002\n\n\u591a\u6b3eMozilla\u4ea7\u54c1\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8eDOM:Core\u548cHTML\u7ec4\u4ef6\u7684\u8fb9\u754c\u68c0\u67e5\u4e0d\u5f53\u9020\u6210\u7684\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u6c99\u7bb1\u9003\u9038\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.mozilla.org/security/advisories/mfsa2026-13/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2026-20775",
  "openTime": "2026-05-19",
  "patchDescription": "Mozilla Firefox\u662f\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\u3002Mozilla Firefox ESR\u662fFirefox\uff08Web\u6d4f\u89c8\u5668\uff09\u7684\u4e00\u4e2a\u5ef6\u957f\u652f\u6301\u7248\u672c\u3002Mozilla Thunderbird\u662f\u4e00\u5957\u4eceMozilla Application Suite\u72ec\u7acb\u51fa\u6765\u7684\u7535\u5b50\u90ae\u4ef6\u5ba2\u6237\u7aef\u8f6f\u4ef6\u3002\r\n\r\n\u591a\u6b3eMozilla\u4ea7\u54c1\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8eDOM:Core\u548cHTML\u7ec4\u4ef6\u7684\u8fb9\u754c\u68c0\u67e5\u4e0d\u5f53\u9020\u6210\u7684\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u6c99\u7bb1\u9003\u9038\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eMozilla\u4ea7\u54c1\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2026-20775\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Mozilla Firefox \u003c148",
      "Mozilla Firefox ESR \u003c115.33",
      "Mozilla Firefox ESR \u003c140.8",
      "Mozilla Thunderbird \u003c148",
      "Mozilla Thunderbird \u003c140.8"
    ]
  },
  "referenceLink": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016358",
  "serverity": "\u9ad8",
  "submitTime": "2026-03-11",
  "title": "\u591a\u6b3eMozilla\u4ea7\u54c1\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2026-20775\uff09"
}

FKIE_CVE-2026-2778

Vulnerability from fkie_nvd - Published: 2026-02-24 14:16 - Updated: 2026-06-30 03:18

Severity

10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security@mozilla.org	https://bugzilla.mozilla.org/show_bug.cgi?id=2016358	Issue Tracking, Permissions Required
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2026-13/	Vendor Advisory
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2026-14/	Vendor Advisory
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2026-15/	Vendor Advisory
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2026-16/	Vendor Advisory
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2026-17/	Vendor Advisory
0b0ca135-0b70-47e7-9f44-1890c2a1c46c	https://access.redhat.com/errata/RHSA-2026:3338
0b0ca135-0b70-47e7-9f44-1890c2a1c46c	https://access.redhat.com/errata/RHSA-2026:3339
0b0ca135-0b70-47e7-9f44-1890c2a1c46c	https://access.redhat.com/errata/RHSA-2026:3361
0b0ca135-0b70-47e7-9f44-1890c2a1c46c	https://access.redhat.com/errata/RHSA-2026:3491
0b0ca135-0b70-47e7-9f44-1890c2a1c46c	https://access.redhat.com/errata/RHSA-2026:3492
0b0ca135-0b70-47e7-9f44-1890c2a1c46c	https://access.redhat.com/errata/RHSA-2026:3493
0b0ca135-0b70-47e7-9f44-1890c2a1c46c	https://access.redhat.com/errata/RHSA-2026:3494
0b0ca135-0b70-47e7-9f44-1890c2a1c46c	https://access.redhat.com/errata/RHSA-2026:3495
0b0ca135-0b70-47e7-9f44-1890c2a1c46c	https://access.redhat.com/errata/RHSA-2026:3496
0b0ca135-0b70-47e7-9f44-1890c2a1c46c	https://access.redhat.com/errata/RHSA-2026:3497
0b0ca135-0b70-47e7-9f44-1890c2a1c46c	https://access.redhat.com/errata/RHSA-2026:3515
0b0ca135-0b70-47e7-9f44-1890c2a1c46c	https://access.redhat.com/errata/RHSA-2026:3516
0b0ca135-0b70-47e7-9f44-1890c2a1c46c	https://access.redhat.com/errata/RHSA-2026:3517
0b0ca135-0b70-47e7-9f44-1890c2a1c46c	https://access.redhat.com/errata/RHSA-2026:3976
0b0ca135-0b70-47e7-9f44-1890c2a1c46c	https://access.redhat.com/errata/RHSA-2026:3978
0b0ca135-0b70-47e7-9f44-1890c2a1c46c	https://access.redhat.com/errata/RHSA-2026:3979
0b0ca135-0b70-47e7-9f44-1890c2a1c46c	https://access.redhat.com/errata/RHSA-2026:3980
0b0ca135-0b70-47e7-9f44-1890c2a1c46c	https://access.redhat.com/errata/RHSA-2026:3981
0b0ca135-0b70-47e7-9f44-1890c2a1c46c	https://access.redhat.com/errata/RHSA-2026:3982
0b0ca135-0b70-47e7-9f44-1890c2a1c46c	https://access.redhat.com/errata/RHSA-2026:3983
0b0ca135-0b70-47e7-9f44-1890c2a1c46c	https://access.redhat.com/errata/RHSA-2026:3984
0b0ca135-0b70-47e7-9f44-1890c2a1c46c	https://access.redhat.com/errata/RHSA-2026:4022
0b0ca135-0b70-47e7-9f44-1890c2a1c46c	https://access.redhat.com/errata/RHSA-2026:4152
0b0ca135-0b70-47e7-9f44-1890c2a1c46c	https://access.redhat.com/errata/RHSA-2026:4260
0b0ca135-0b70-47e7-9f44-1890c2a1c46c	https://access.redhat.com/errata/RHSA-2026:4432
0b0ca135-0b70-47e7-9f44-1890c2a1c46c	https://access.redhat.com/security/cve/CVE-2026-2778
0b0ca135-0b70-47e7-9f44-1890c2a1c46c	https://bugzilla.redhat.com/show_bug.cgi?id=2442335
0b0ca135-0b70-47e7-9f44-1890c2a1c46c	https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2778.json

Impacted products

Vendor	Product	Version
mozilla	firefox	*
mozilla	firefox	*
mozilla	firefox	*
mozilla	thunderbird	*
mozilla	thunderbird	*

JSON

To clipboard

{
  "affected": [
    {
      "affectedData": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "115.*",
              "status": "unaffected",
              "version": "115.33",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.8",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "148",
              "versionType": "rpm"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.8",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "148",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "source": "security@mozilla.org"
    },
    {
      "affectedData": [
        {
          "cpes": [
            "cpe:/o:redhat:rhel_els:7"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat Enterprise Linux Server (v. 7 ELS)",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/o:redhat:enterprise_linux_eus:10.0"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10.1"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat Enterprise Linux AppStream (v. 10)",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::appstream"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat Enterprise Linux AppStream (v. 8)",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.2::appstream"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.4::appstream"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.6::appstream"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:8.6::appstream"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:rhel_tus:8.6::appstream"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:8.8::appstream"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat Enterprise Linux AppStream E4S (v.8.8)",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:rhel_tus:8.8::appstream"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat Enterprise Linux AppStream TUS (v.8.8)",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:9.0::appstream"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:9.2::appstream"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.4::appstream"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.6::appstream"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat Enterprise Linux AppStream (v. 9)",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        }
      ],
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c"
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*",
              "matchCriteriaId": "1B590E0E-4C6F-4F2A-A0FF-9BEDA1A36D17",
              "versionEndExcluding": "115.33.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "3D8676DB-4A12-41A0-A1A5-2DED97287973",
              "versionEndExcluding": "148.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*",
              "matchCriteriaId": "AE16902C-47B5-438D-A4A5-770C08223931",
              "versionEndExcluding": "140.8.0",
              "versionStartIncluding": "128.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*",
              "matchCriteriaId": "73228A3D-A71B-497B-A5BA-412FFE9F6F37",
              "versionEndExcluding": "140.8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "C5EBE90D-1996-4578-B715-605B24E66C59",
              "versionEndExcluding": "148.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Sandbox escape due to incorrect boundary conditions in the DOM: Core \u0026 HTML component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8."
    },
    {
      "lang": "es",
      "value": "Escape de sandbox debido a condiciones de l\u00edmite incorrectas en el DOM: Componente Core y HTML. Esta vulnerabilidad afecta a Firefox \u0026lt; 148, Firefox ESR \u0026lt; 115.33, Firefox ESR \u0026lt; 140.8, Thunderbird \u0026lt; 148, y Thunderbird \u0026lt; 140.8."
    }
  ],
  "id": "CVE-2026-2778",
  "lastModified": "2026-06-30T03:18:20.000",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 10.0,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 10.0,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.0,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.9,
        "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
        "type": "Secondary"
      }
    ],
    "ssvcV203": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "ssvcData": {
          "id": "CVE-2026-2778",
          "options": [
            {
              "exploitation": "none"
            },
            {
              "automatable": "yes"
            },
            {
              "technicalImpact": "total"
            }
          ],
          "role": "CISA Coordinator",
          "timestamp": "2026-02-28T03:17:17.791021Z",
          "version": "2.0.3"
        }
      }
    ]
  },
  "published": "2026-02-24T14:16:26.230",
  "references": [
    {
      "source": "security@mozilla.org",
      "tags": [
        "Issue Tracking",
        "Permissions Required"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016358"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2026-14/"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:3338"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:3339"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:3361"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:3491"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:3492"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:3493"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:3494"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:3495"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:3496"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:3497"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:3515"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:3516"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:3517"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:3976"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:3978"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:3979"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:3980"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:3981"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:3982"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:3983"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:3984"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:4022"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:4152"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:4260"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:4432"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2778"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442335"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2778.json"
    }
  ],
  "sourceIdentifier": "security@mozilla.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

GHSA-3QGM-JCXP-M9M6

Vulnerability from github – Published: 2026-02-24 15:30 – Updated: 2026-06-30 03:35

Details

Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, and Firefox ESR < 140.8.

Severity

10.0 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2026-2778"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-24T14:16:26Z",
    "severity": "CRITICAL"
  },
  "details": "Sandbox escape due to incorrect boundary conditions in the DOM: Core \u0026 HTML component. This vulnerability affects Firefox \u003c 148, Firefox ESR \u003c 115.33, and Firefox ESR \u003c 140.8.",
  "id": "GHSA-3qgm-jcxp-m9m6",
  "modified": "2026-06-30T03:35:45Z",
  "published": "2026-02-24T15:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2778"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:3338"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:3982"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:3983"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:3984"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:4022"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:4152"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:4260"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:4432"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2026-2778"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2016358"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442335"
    },
    {
      "type": "WEB",
      "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2778.json"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2026-13"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2026-14"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2026-15"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2026-16"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2026-17"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:3339"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:3361"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:3491"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:3492"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:3493"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:3494"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:3495"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:3496"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:3497"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:3515"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:3516"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:3517"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:3976"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:3978"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:3979"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:3980"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:3981"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-2778 (GCVE-0-2026-2778)

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Solutions

Tags

Sightings

Nomenclature