Mozilla Product Security Update Advisory

Overview

 

We have released security updates to fix vulnerabilities in Mozilla products. Users of affected products are advised to update to the latest version.
 

 

Affected Products

 

CVE-2026-0877, CVE-2026-0878, CVE-2026-0879, CVE-2026-0880, CVE-2026-0881, CVE-2026-0882, CVE-2026-0891

 

Firefox version: 147 and below
Firefox ESR Version: 115.32 and below
Firefox ESR version: 140.7 or lower
Thunderbird version: less than 147
Thunderbird ESR version: less than 140.7

 

 

Resolved Vulnerabilities

 

DOM: Mitigation bypass vulnerability in Security (CVE-2026-0877)
Graphics: Sandbox escape vulnerability due to incorrect boundary conditions in CanvasWebGL (CVE-2026-0878)
Sandbox escape vulnerability due to invalid boundary conditions in Graphics (CVE-2026-0879)
Sandbox escape vulnerability due to integer overflow in Graphics (CVE-2026-0880)
Sandbox escape vulnerability in Messaging System (CVE-2026-0881)
Use-after-disable vulnerability in IPC (CVE-2026-0882)
Memory Safety Vulnerability in Firefox ESR, Thunderbird ESR, Firefox, and Thunderbird (CVE-2026-0891)

 

 

Vulnerability Patches

Vulnerability Patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

 

CVE-2026-0877, CVE-2026-0878, CVE-2026-0879, CVE-2026-0880, CVE-2026-0881, CVE-2026-0882, CVE-2026-0891

 

Firefox Version: 147
Firefox ESR Version: 115.32
Firefox ESR Version: 140.7
Thunderbird Version: 147
Thunderbird ESR version: 140.7

 

 

References

 

[1] Mozilla Foundation Security Advisory 2026-01
https://www.mozilla.org/en-US/security/advisories/mfsa2026-01/
[2] Mozilla Foundation Security Advisory 2026-02
https://www.mozilla.org/en-US/security/advisories/mfsa2026-02/
[3] Mozilla Foundation Security Advisory 2026-03
https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/