Description
Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.
Published: 2026-01-13
Score: 8 High
EPSS: < 1% Very Low
KEV: No
Impact: Sandbox escape
Action: Patch
AI Analysis

Impact

The vulnerability is a sandbox escape caused by incorrect boundary conditions in the Graphics: CanvasWebGL component, which can let an attacker read or write memory outside the intended bounds. The weakness involves improper input validation and buffer management, as reflected by the identified CWEs such as CWE-119 and CWE-20.

Affected Systems

Mozilla Firefox and Thunderbird are impacted. Versions earlier than Firefox 147 or Firefox ESR 140.7, and earlier than Thunderbird 147 or Thunderbird ESR 140.7, are vulnerable. Any release prior to these thresholds remains at risk.

Risk and Exploitability

The CVSS score of 8.0 indicates high severity, while an EPSS score of less than 1% implies a low current exploitation probability. The vulnerability is not listed in CISA’s KEV catalog, meaning no widespread exploit reports exist. The likely attack vector involves an attacker supplying crafted content that triggers the CanvasWebGL component, such as a malicious web page or an email message that renders WebGL; this inference is made because the component is invoked during content rendering and the description indicates a sandbox escape. Attackers would need to supply such crafted content to achieve the exploit.

Generated by OpenCVE AI on April 15, 2026 at 17:41 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Mozilla Firefox to version 147 or later, or to Firefox ESR 140.7 or later. Update Mozilla Thunderbird to version 147 or later, or to Thunderbird ESR 140.7 or later.
  • If upgrading is not immediately possible, disable WebGL in affected browsers to reduce the attack surface.
  • Configure content security policies to limit or block WebGL usage for untrusted content where feasible.

Generated by OpenCVE AI on April 15, 2026 at 17:41 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4439-1 firefox-esr security update
Debian DLA Debian DLA DLA-4442-1 thunderbird security update
Debian DSA Debian DSA DSA-6101-1 firefox-esr security update
Debian DSA Debian DSA DSA-6103-1 thunderbird security update
Ubuntu USN Ubuntu USN USN-7991-1 Thunderbird vulnerabilities
History

Mon, 13 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
Description Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7. Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

Thu, 22 Jan 2026 23:00:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla thunderbird
CPEs cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*
Vendors & Products Mozilla thunderbird

Thu, 15 Jan 2026 09:45:00 +0000

Type Values Removed Values Added
Description Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox < 147 and Firefox ESR < 140.7. Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox < 147, Firefox ESR < 140.7, Thunderbird < 147, and Thunderbird < 140.7.
References

Wed, 14 Jan 2026 11:15:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla
Mozilla firefox
Mozilla firefox Esr
Vendors & Products Mozilla
Mozilla firefox
Mozilla firefox Esr

Wed, 14 Jan 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Important

Tue, 13 Jan 2026 16:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119
CWE-20
Metrics cvssV3_1

{'score': 8, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 13 Jan 2026 14:00:00 +0000

Type Values Removed Values Added
Description Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox < 147 and Firefox ESR < 140.7.
Title Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component
References

Subscriptions

Mozilla Firefox Firefox Esr Thunderbird
cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2026-04-13T13:51:40.607Z

Reserved: 2026-01-13T13:30:53.395Z

Link: CVE-2026-0878

cve-icon Vulnrichment

Updated: 2026-01-13T15:42:06.904Z

cve-icon NVD

Status : Modified

Published: 2026-01-13T14:16:38.367

Modified: 2026-04-13T15:17:16.353

Link: CVE-2026-0878

cve-icon Redhat

Severity : Important

Publid Date: 2026-01-13T13:30:53Z

Links: CVE-2026-0878 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-15T18:30:10Z

Weaknesses